Infected by iliti virus & possible others...

Post by thwhite70 on Thu 23 Aug 2012, 12:11 pm

OTL logfile created on: 8/22/2012 7:52:25 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Virus Removal 001
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 14.18 Gb Available Physical Memory | 88.74% Memory free
31.96 Gb Paging File | 30.56 Gb Available in Paging File | 95.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1840.26 Gb Total Space | 1674.07 Gb Free Space | 90.97% Space Free | Partition Type: NTFS
Drive J: | 93.33 Gb Total Space | 24.56 Gb Free Space | 26.32% Space Free | Partition Type: FAT32

Computer Name: LIBRARY | User Name: FabFrommFamily | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/22 19:48:15 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Virus Removal 001\OTL.com


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/19 08:22:48 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2012/03/20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/03/20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/03/20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/11/10 03:11:34 | 000,204,288 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/03/08 17:00:50 | 000,224,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/14 15:11:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/14 06:10:48 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/07 08:38:52 | 000,107,520 | ---- | M] () [Auto | Stopped] -- C:\Users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/08/02 11:00:10 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/27 21:09:31 | 000,830,048 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe -- (vToolbarUpdater12.1.5)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/30 14:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2012/02/16 17:32:56 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/09/29 16:36:32 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/09/29 16:31:39 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.91\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/09/20 21:05:37 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/08/25 20:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/27 21:09:32 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/04/10 14:04:32 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/11/10 03:45:32 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/11/10 02:12:46 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/09/20 22:42:07 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2011/09/20 22:42:03 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2011/09/20 22:42:01 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2011/09/20 22:42:01 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2011/09/20 22:41:56 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/20 22:41:56 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 05:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 20:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/14 07:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/06/08 07:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/05/20 18:42:44 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/27 02:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/10/27 02:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{7931b63e-6ba3-4f38-9d55-5b518a03be02}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{02A9B082-D8E6-4AB1-9ABA-4656B853E300}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{7931b63e-6ba3-4f38-9d55-5b518a03be02}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = [You must be registered and logged in to see this link.] 21:09:32&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{B8EEB896-B588-46AF-ACBE-40CAB69FCE39}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{F631367A-31A0-437C-8821-AEB57AB46912}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\FabFrommFamily\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/05 10:23:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin [2012/02/16 17:32:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbdownloader@KMcore: C:\Program Files (x86)\SDIV 2.0\Lib\xpi [2012/03/08 20:30:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/07/16 07:47:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ [2012/07/27 21:09:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/14 06:10:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/14 06:10:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/08/07 08:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FabFrommFamily\AppData\Roaming\Mozilla\Extensions
[2012/08/08 18:27:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FabFrommFamily\AppData\Roaming\Mozilla\Firefox\Profiles\2oss947h.default\extensions
[2012/08/07 08:39:05 | 000,000,000 | ---D | M] (MeFeedia) -- C:\Users\FabFrommFamily\AppData\Roaming\Mozilla\Firefox\Profiles\2oss947h.default\extensions\{154d932f-dc51-4a4f-9d52-b78b1419d3b4}
[2012/07/13 03:56:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\FabFrommFamily\AppData\Roaming\Mozilla\Firefox\Profiles\2oss947h.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/08/07 08:38:46 | 000,000,000 | ---D | M] (RivalGaming) -- C:\Users\FabFrommFamily\AppData\Roaming\Mozilla\Firefox\Profiles\2oss947h.default\extensions\links@rivalgaming.com
[2012/08/07 08:38:59 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\FabFrommFamily\AppData\Roaming\Mozilla\Firefox\Profiles\2oss947h.default\extensions\plugin@yontoo.com
[2012/08/22 19:51:27 | 000,001,982 | ---- | M] () -- C:\Users\FabFrommFamily\AppData\Roaming\Mozilla\Firefox\Profiles\2oss947h.default\searchplugins\search-here.xml
[2012/07/13 03:55:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/13 03:55:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012/07/13 03:55:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/07/13 03:58:57 | 000,079,135 | ---- | M] () (No name found) -- C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\EXTENSIONS\{1A2D0EC4-75F5-4C91-89C4-3656F6E44B68}.XPI
[2012/08/08 18:27:35 | 000,021,674 | ---- | M] () (No name found) -- C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\EXTENSIONS\ADDON@DEFAULTTAB.COM.XPI
[2012/08/14 06:10:49 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/27 21:09:29 | 000,003,752 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/14 06:10:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/14 06:10:47 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120627110650.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (mefeediaTest) - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files (x86)\mefeediatest\w3itemplateX.dll ()
O2 - BHO: (RivalGaming Games) - {26D675AC-D925-4bbf-A720-62C2AA4A81EB} - C:\Users\FabFrommFamily\AppData\Local\RivalGaming\RivalGaming.dll (RivalGaming)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (FBDownloader BHO) - {553318DA-D010-469E-84B1-496563CAE1BF} - C:\Program Files (x86)\HTTO Group, Ltd\FBDownloader IE Add-on\FBDownloader.dll (HTTO Group, Ltd)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120713042647.dll (McAfee, Inc.)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (mefeediaTest) - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files (x86)\mefeediatest\w3itemplateX.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [PhotoshopElements8SyncAgent] c:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Smart PC Cleaner] C:\Program Files (x86)\Smart PC Cleaner\SPCLauncher.exe (Avanquest Software)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B8442ED-1213-486A-9CC8-329A24D6D772}: DhcpNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECE4C237-C1BF-47D8-B66E-E19BDFC76428}: DhcpNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\FabFrommFamily\AppData\LocalLow\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/07/16 09:51:42 | 000,000,031 | ---- | M] () - J:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{f815c91f-2fc7-11e1-b7f8-782bcbb751df}\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\{f815c91f-2fc7-11e1-b7f8-782bcbb751df}\Shell\phone\command - "" = K:\autorun.exe
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\K\Shell\phone\command - "" = K:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - StartUpFolder: C:^Users^FabFrommFamily^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: AccuWeatherWidget - hkey= - key= - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: BingDesktop - hkey= - key= - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
MsConfig:64bit - StartUpReg: DellStage - hkey= - key= - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Logitech Download Assistant - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: MobileDocuments - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: MyWebSearch Email Plugin - hkey= - key= - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
MsConfig:64bit - StartUpReg: NeroLauncher - hkey= - key= - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
MsConfig:64bit - StartUpReg: PopularScreensaversWallpaper - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Update - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin:64bit: MCODS - C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {31FC010A-5B46-1D40-2003-2F1209A8170D} - Offline Browsing Pack
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7E6D9527-5A7A-492F-470A-AFC8ED3390DB} - Browser Customizations
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B9C96926-860D-F1E9-129E-0457A5301A3D} - Browser Customizations
ActiveX: {BBE13730-EAA4-0109-B2FB-39A2B8A6223C} - Offline Browsing Pack
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

thwhite70

Newbie Surfer

Posts : 31
Joined : 2012-08-23
Operating System : Windows 7

Re: Infected by iliti virus & possible others...

Post by thwhite70 on Thu 23 Aug 2012, 12:12 pm

(OTL REPORT CONTINUED)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012/08/22 19:48:34 | 000,000,000 | ---D | C] -- C:\Virus Removal 001
[2012/08/22 06:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/08/16 03:02:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/16 03:02:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/16 03:02:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/16 03:02:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/16 03:02:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/16 03:02:13 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/16 03:02:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/16 03:02:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/16 03:02:13 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/16 03:02:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/16 03:02:12 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/16 03:02:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/16 03:02:12 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/16 03:02:12 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 22:00:34 | 000,000,000 | ---D | C] -- C:\Users\FabFrommFamily\Documents\Tom
[2012/08/15 18:08:32 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/15 18:08:29 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/15 18:08:29 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/15 18:08:29 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/15 18:08:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/15 18:08:28 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/15 18:08:28 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/15 18:08:26 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/07 09:09:17 | 000,000,000 | ---D | C] -- C:\Users\FabFrommFamily\AppData\Roaming\Smart PC Cleaner
[2012/08/07 08:39:10 | 000,000,000 | ---D | C] -- C:\Users\FabFrommFamily\AppData\Local\visi_coupon
[2012/08/07 08:39:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mefeediatest
[2012/08/07 08:39:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2012/08/07 08:38:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012/08/07 08:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/08/07 08:38:52 | 000,000,000 | ---D | C] -- C:\Users\FabFrommFamily\AppData\Roaming\DefaultTab
[2012/08/07 08:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart PC Cleaner
[2012/08/07 08:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart PC Cleaner
[2012/08/07 08:38:45 | 000,000,000 | ---D | C] -- C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivalGaming
[2012/08/07 08:38:44 | 000,000,000 | ---D | C] -- C:\Users\FabFrommFamily\AppData\Local\RivalGaming
[2012/08/07 08:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/08/07 08:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012/08/07 08:38:37 | 000,000,000 | ---D | C] -- C:\Users\FabFrommFamily\AppData\Roaming\Yahoo!
[2012/08/07 08:08:47 | 000,000,000 | ---D | C] -- C:\Users\FabFrommFamily\AppData\Roaming\RealNetworks
[2012/08/02 18:33:44 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\FabFrommFamily\gotomypc_635.exe
[2012/07/27 21:27:27 | 000,000,000 | ---D | C] -- C:\Users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012/07/27 21:10:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012/07/27 21:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/07/27 21:10:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/07/27 21:09:36 | 000,000,000 | ---D | C] -- C:\Users\FabFrommFamily\AppData\Local\AVG Secure Search
[2012/07/27 21:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/07/27 21:09:32 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/07/27 21:09:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/07/27 21:09:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/07/27 21:09:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/11/29 17:50:20 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\FabFrommFamily\gotomypc_626.exe

========== Files - Modified Within 30 Days ==========

[2012/08/22 06:11:58 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/22 06:11:58 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/22 06:11:58 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/22 06:07:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/22 06:07:41 | 4281,159,678 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/22 06:06:29 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\RGames Updater.job
[2012/08/22 06:06:21 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/22 06:06:21 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/22 06:06:21 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/21 23:07:30 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/21 23:07:30 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/21 22:58:16 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/08/17 19:15:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/08/17 19:09:56 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/08/16 11:56:52 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/08/16 03:19:33 | 000,442,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/14 15:11:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/14 15:11:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/07 08:38:51 | 000,001,099 | ---- | M] () -- C:\Users\FabFrommFamily\Desktop\Smart PC Cleaner.lnk
[2012/08/02 18:33:49 | 001,393,736 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\FabFrommFamily\gotomypc_635.exe
[2012/07/27 21:27:27 | 000,000,219 | ---- | M] () -- C:\Users\FabFrommFamily\Desktop\Team Fortress 2.url
[2012/07/27 21:10:18 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/07/27 21:09:32 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

========== Files Created - No Company Name ==========

[2012/08/17 18:15:06 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/08/07 08:38:51 | 000,001,099 | ---- | C] () -- C:\Users\FabFrommFamily\Desktop\Smart PC Cleaner.lnk
[2012/08/07 08:38:45 | 000,000,296 | ---- | C] () -- C:\Windows\tasks\RGames Updater.job
[2012/07/27 21:27:27 | 000,000,219 | ---- | C] () -- C:\Users\FabFrommFamily\Desktop\Team Fortress 2.url
[2012/07/27 21:10:18 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/04/01 20:37:24 | 000,000,053 | ---- | C] () -- C:\Users\FabFrommFamily\jagex_cl_runescape_LIVE.dat
[2012/04/01 20:37:24 | 000,000,001 | ---- | C] () -- C:\Users\FabFrommFamily\random.dat
[2011/11/10 02:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/11/10 02:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/09/25 20:53:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/09/20 21:22:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/20 21:06:09 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011/09/20 21:06:09 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011/09/20 21:06:09 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011/09/20 21:06:01 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/09/20 21:06:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/09/12 23:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/04/19 22:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/02/10 09:33:46 | 000,774,812 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/08/14 06:10:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/08/14 06:10:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/08/14 06:10:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/08/14 06:10:48 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/08/14 06:10:48 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/08/14 06:10:48 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/09/20 22:17:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/09/20 22:17:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/09/20 22:17:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/28 20:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/06/28 20:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/08/14 06:10:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/08/14 06:10:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/08/14 06:10:47 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/08/14 06:10:48 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/08/14 06:10:48 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/08/14 06:10:48 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/09/20 22:17:46 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/09/20 22:17:46 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/09/20 22:17:46 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/28 20:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/06/28 20:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /REINSTALL [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /HIDEICONS [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /SHOWICONS [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >
[2007/11/07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) MD5=E015A2D8890E2A96A93CA818F834C45B -- C:\install.exe

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< %USERPROFILE%\AppData\Local\ /s >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2011/09/25 17:27:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011/09/20 21:02:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AMD APP
[2011/12/25 20:11:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2011/09/20 21:02:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2012/07/27 21:09:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG Secure Search
[2011/12/25 20:09:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2012/01/12 16:39:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Chimpoo_3aEI
[2011/11/06 14:12:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco Systems
[2012/07/27 21:10:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2012/03/08 20:30:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
[2011/09/20 21:05:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative
[2012/03/08 20:30:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Crunchdeal
[2011/09/20 21:07:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cyberlink
[2011/09/20 21:35:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell
[2012/04/24 14:28:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell DataSafe Local Backup
[2012/02/18 15:04:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Stage
[2012/02/18 15:04:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Touch Software Suite
[2012/03/08 20:30:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\fbDownloader
[2012/08/07 08:39:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2012/02/16 17:32:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FunWebProducts
[2012/02/05 10:24:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2012/03/08 20:30:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HTTO Group, Ltd
[2012/01/12 18:06:58 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/09/20 20:58:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2012/08/16 03:18:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2012/07/14 21:09:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IrfanView
[2012/07/16 08:17:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2011/09/20 20:57:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2011/11/05 11:10:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Laplink
[2012/07/19 13:49:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee
[2011/09/20 21:16:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mcafee.com
[2012/08/07 08:39:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mefeediatest
[2012/04/25 09:40:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2011/09/25 17:56:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/09/25 17:59:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2012/05/09 03:22:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/09/20 21:12:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/09/25 17:57:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2012/08/14 06:10:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2012/08/15 18:01:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2011/09/20 21:00:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Multimedia Card Reader(9106)
[2012/02/05 10:24:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Musicnotes
[2012/02/16 17:32:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MyWebSearch
[2012/03/27 22:00:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero
[2012/02/16 18:33:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Norton PC Checkup
[2012/08/22 06:31:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NortonInstaller
[2011/09/20 21:13:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PlayReady
[2012/05/16 13:12:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2012/02/05 10:23:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Real
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2012/05/16 13:13:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Safari
[2012/03/08 20:30:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SDIV 2.0
[2011/09/20 21:05:34 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2012/08/07 08:38:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Smart PC Cleaner
[2011/09/20 21:33:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SmartSound Software
[2012/08/21 23:05:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2009/07/13 23:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/09/20 21:13:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2010/11/20 22:31:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2011/09/20 22:42:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Virtual PC
[2012/08/07 08:38:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!
[2012/08/07 08:38:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yontoo
[2011/09/20 21:17:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Zinio Reader 4

< %appdata%\*.* >

< End of report >

thwhite70

Newbie Surfer

Posts : 31
Joined : 2012-08-23
Operating System : Windows 7

Re: Infected by iliti virus & possible others...

Post by thwhite70 on Thu 23 Aug 2012, 12:13 pm

(EXTRAS.TXT)

OTL Extras logfile created on: 8/22/2012 7:52:25 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Virus Removal 001
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 14.18 Gb Available Physical Memory | 88.74% Memory free
31.96 Gb Paging File | 30.56 Gb Available in Paging File | 95.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1840.26 Gb Total Space | 1674.07 Gb Free Space | 90.97% Space Free | Partition Type: NTFS
Drive J: | 93.33 Gb Total Space | 24.56 Gb Free Space | 26.32% Space Free | Partition Type: FAT32

Computer Name: LIBRARY | User Name: FabFrommFamily | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11A7B2DD-0872-4549-9479-7F38F69E98B5}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 |
"{12EEBC5B-38C2-444D-B531-300892E9A9E3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{14B6B211-49E1-4E30-B55E-18A05CD2B4E3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{235A4EE2-2374-4278-A0C7-B9AE5A0DF22D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{2D59B70F-1603-4A18-BE0B-17EC9ACF1E99}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2E36B029-0FE4-469A-988A-DEFF9C2CE7F1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{30D0F0BA-C0A2-4EB2-B749-C6E8E3A6E1F5}" = lport=139 | protocol=6 | dir=in | app=system |
"{43BC51A5-F00C-4A27-95A5-88D9DFFBEE5D}" = lport=138 | protocol=17 | dir=in | app=system |
"{5353BD9B-6EC5-4432-A602-30129E65D390}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{57C05928-7A3F-4F1F-9A62-5B2F31286BF2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5CC92FD6-CD14-43AC-A3CE-BF4F63332432}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B140445-D169-4A8E-ADC1-3F9A24874E0D}" = rport=139 | protocol=6 | dir=out | app=system |
"{721A387F-E475-4F65-9AD7-53846F91C4CB}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 |
"{92A4A674-5439-4017-8B40-9EADBD0FFE43}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9A1705A3-E026-4C38-B27D-108324B5A9C7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9DAA65D6-BDD8-4504-948E-DE210CE1FE93}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A50783F4-0C99-4CC6-89AF-D78D36D16803}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BFA6205E-E821-4C24-AF82-3F4D9A5270F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C20209E0-B6EC-44CE-B623-6B9E76BC4D3E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{C7C667C7-8A01-4B14-8AEE-4911D8561C3B}" = rport=138 | protocol=17 | dir=out | app=system |
"{C94829CD-5A72-41C5-BA16-9D0FCEA4B967}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 |
"{D46195EF-A1BB-4AA1-BA27-4BA3BAC78D9F}" = rport=445 | protocol=6 | dir=out | app=system |
"{D505D96C-DA88-447F-85DB-929F0B2F3013}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D67D64B6-6FC9-4FE2-8D90-335C76367E82}" = rport=137 | protocol=17 | dir=out | app=system |
"{D9FF7B83-112A-4989-8A0A-2E68B429E697}" = lport=445 | protocol=6 | dir=in | app=system |
"{DF2A28B8-C9D1-46AB-ACC6-C296DCD2969C}" = lport=137 | protocol=17 | dir=in | app=system |
"{EC20433F-BF22-4C12-A13E-865C4B980D5E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EC57B5D0-2346-4949-8FF2-41F39FB406F2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{ED63B9A4-6C80-419C-89D5-0578251D0A9D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EF5A9CEF-9304-4DF9-9A11-DFAE462BC523}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 |
"{FCA9DCF2-2700-40D1-8622-CD8ED731561C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C5AAFB1-3F03-4E26-B091-CEF881E63C97}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0D2FF58D-728D-44E9-91F2-EDDC67A60A7F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0E7E3AE7-CA94-41E9-AD5E-88CDFA8012C5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{14DFE826-1CBF-4305-A57D-CD97E631FAF4}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{253540F8-63A8-4AA9-ADCB-AA57EE1D5734}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{25D3E2B9-96A4-428F-996B-64D6793EACC9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2DA8F6FE-F929-410C-947E-1CDAAEE589B0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2F78EA19-0554-4EFF-968B-72F9A58E7158}" = dir=in | app=c:\program files (x86)\laplink\pcsync\pcsync.exe |
"{3560F6F4-6273-44A0-B6EB-22E920F06324}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{36A99D4C-2FBB-428D-9F02-EC74C76F4B61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B560245-59AA-4D7B-BBB0-024449DD14EA}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{3C055A6C-902B-4AAB-A5DA-F5154A6E2F94}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{42860F3A-659F-44C6-AA4B-465F1F2822BD}" = dir=in | app=c:\program files (x86)\laplink\pcsync\sfthost.exe |
"{44502C8B-77D1-40D2-8B6D-BA1265AD8622}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{45E0540D-0F4B-4620-8AEA-DA3AE72BEDF7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4CB12FC5-1D48-492A-B5BD-0F360C32B66E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{51C19F4A-E857-4F97-AB39-43057C6EE5C5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53583D6A-D531-4465-A112-11ED916DB880}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{54D5D840-AFE1-4EE1-860F-24A3559190C7}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{54EBDB64-6833-4FA8-8A11-60F72CB7F841}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{73B7FF23-67B4-4CE6-BD66-CF11A5BE6293}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{74EC1B2A-5435-47E9-92DA-7CCCDDBE02EA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{84286BFD-3C5D-4284-8A3F-55521B652E61}" = dir=in | app=c:\program files (x86)\laplink\pcmover\pcmover.exe |
"{98CD6865-D80C-4074-946D-95E7BAED50F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{99AECD09-CA75-4D76-B203-4FAFBE3B0B73}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9CBEB5F5-4C38-4346-B4AA-EB6B624D6C40}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A089C80B-FC09-4BA4-8C5F-ABABF9E1FEE8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A49E1745-4CBE-467D-ADEA-004F551F562F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A49F8E25-E78C-4676-B1B8-C11239313E05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF08C61A-E85E-49BD-A8F0-2FB5E49A4BC5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1007F33-5040-4DEA-B141-7737798AA3AD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B3C0D71D-5DF0-404D-97AD-9521FD4741F2}" = protocol=6 | dir=out | app=system |
"{B60634AA-04A6-4F42-A985-D8020B40D9A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BC5F98A1-F70F-4492-877D-A5EFC404AF3C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BD13331F-03EE-4046-9A16-E149E8F8AC54}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{C185FFC1-92FC-4B31-9D3C-85FC86194A48}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C22A6761-FCF8-4822-B291-3CB1D23AFDF3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C32DDF60-778F-4C8E-9EDA-DB19907DD500}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C5D7C0E1-85CB-4A91-9ADF-E3AFEED745E5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CDEBFFE1-E288-4016-AA0B-9C5CF9BD62F8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D6183D30-A0AC-4EB0-9A43-3033E2D6E1D8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D98D2425-5383-427A-98CF-39A3D3785754}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{DB8884A5-E072-44D4-BDB9-580245D0BD1D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F850999E-D617-4A53-9F55-7121DAF00B47}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{2F2FB795-02E4-C0B7-4C7E-33F5DBBBC299}" = ccc-utility64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{72E244E5-ABBF-4905-B29C-4A8BA9190A9C}" = ATI AVIVO64 Codecs
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E73155E5-E75F-D09E-30C0-C18E3C3A1FA3}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Support Center" = Dell Support Center
"DW WLAN Card" = DW WLAN Card
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C39C9B6-2DD9-A78C-DB11-D542912480BE}" = CCC Help Spanish
"{0D98F04D-11A1-4B64-A406-43292B9EEE90}" = Dell PhotoStage
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}" = TrustedID IDMonitor Identity Protection
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{16D3E1ED-6F49-CE9E-93C5-0303D0D16196}" = CCC Help Dutch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CCF681C-C203-49B3-83F4-A54F0F944416}" = ASPCA Reminder by We-Care.com v5.0.5.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{23F80A0D-95AA-5001-B4C6-A42E4B3D6615}" = CCC Help Greek
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{25B30DCB-97E2-7A3A-F159-D970B73B71A5}" = CCC Help Italian
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26D7162F-9D1B-CA6D-15C3-1114F551F9A6}" = CCC Help Polish
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2BD9E081-9383-1E4B-D33F-6A6D6DCADBCF}" = CCC Help Hungarian
"{30E411BE-C174-405F-9361-27F4CEDE0C19}" = PCmover Professional
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33E2517D-E262-EA4A-842C-0BE9B1263AC8}" = CCC Help French
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36ADF0B5-55B8-C2F6-387D-3A6715055B51}" = CCC Help Korean
"{37D4213E-49E9-DCCF-5C64-7E090A456C9A}" = CCC Help Czech
"{382F1842-0E6C-4782-B920-D96ED5165F03}" = Catalyst Control Center - Branding
"{39D06E77-8921-4056-8901-36D0035BAECA}" = Dell Stage
"{3C37A01E-C036-4011-8875-521E6DBC2850}" = Laplink PCsync
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{44743861-8050-E256-42DE-57DD79BE88FC}" = CCC Help Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5778D89F-205C-6575-1EB8-A9C6BA6C4143}" = CCC Help Swedish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{654AC5F1-A109-6CA6-090E-D848AF7749C4}" = CCC Help Japanese
"{65DB503C-C379-2F23-C24D-232586D0E479}" = CCC Help Chinese Standard
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B94DEB7-98DB-1C8D-85D5-A315A2407C3E}" = CCC Help Portuguese
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F73FF67-09CE-F7B6-551D-5A4EA4CAA4CB}" = CCC Help German
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7D10390B-B895-8DCA-F140-C951B3110731}" = Catalyst Control Center InstallProxy
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81E4A484-448D-4F69-9E48-CD9419D36C72}" = CCC Help Finnish
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{855945E0-69F8-EE59-257E-271AD70EBB18}" = CCC Help Turkish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B0682D6-D608-2430-F3A8-492C91F4F892}" = Catalyst Control Center Localization All
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{938D5F72-6759-4C4A-0CF6-203C4C377717}" = CCC Help Chinese Traditional
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E4D695B-87A6-49A7-A36C-85F2E63B669D}" = FBDownloader IE Add-on
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{ACCDD881-A880-58EF-D6C8-1B962297C7FA}" = CCC Help Russian
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C70F962E-EABC-8FB5-16FD-89B01378214A}" = CCC Help Danish
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E27CA8FE-3A09-E040-711C-397A97D85DA3}" = CCC Help English
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E54120CB-FA9C-7037-71C9-342761EBC5FF}" = CCC Help Norwegian
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F9EE9A09-99B7-B29E-53C3-BBAD0ECB8A78}" = Catalyst Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"AVG Secure Search" = AVG Security Toolbar
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cisco Connect" = Cisco Connect
"DefaultTab" = DefaultTab
"fbDownloader" = fbDownloader 1.0.2
"Guild Wars 2" = Guild Wars 2
"InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"IrfanView" = IrfanView (remove only)
"mefeediatest" = MeFeedia
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.7.0
"MyWebSearch bar Uninstall" = My Web Search (Popular Screensavers)
"NortonPCCheckup" = Norton PC Checkup
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PremElem90" = Adobe Premiere Elements 9
"RealPlayer 15.0" = RealPlayer
"Smart PC Cleaner_is1" = Smart PC Cleaner v3.0
"Steam App 440" = Team Fortress 2
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"ZinioReader4" = Zinio Reader 4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"RivalGaming" = RivalGaming
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/15/2012 10:15:41 PM | Computer Name = Library | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: IEHelperv2.5.0.dll, version: 3.0.0.1,
time stamp: 0x4ed7c091 Exception code: 0xc0000005 Fault offset: 0x00005945 Faulting
process id: 0x1698 Faulting application start time: 0x01cd4b65ecdffbc3 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll Report Id: 2b227d54-b759-11e1-8bd9-782bcbb751df

Error - 6/20/2012 8:41:57 AM | Computer Name = Library | Source = WinMgmt | ID = 10
Description =

Error - 6/20/2012 3:58:36 PM | Computer Name = Library | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary Symantec Eraser Control driver. System Error: The system cannot find the
file specified. .

Error - 6/25/2012 9:53:52 AM | Computer Name = Library | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting
process id: 0x2c54 Faulting application start time: 0x01cd52d9f3faa96c Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: 31ff4736-becd-11e1-a173-782bcbb751df

Error - 6/26/2012 2:24:00 PM | Computer Name = Library | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16446 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2a7c Start
Time: 01cd5396dd200130 Termination Time: 81 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id: 162f7b47-bfbc-11e1-a173-782bcbb751df

Error - 6/27/2012 2:01:34 PM | Computer Name = Library | Source = WinMgmt | ID = 10
Description =

Error - 6/27/2012 2:02:41 PM | Computer Name = Library | Source = MsiInstaller | ID = 11923
Description =

Error - 6/27/2012 2:02:41 PM | Computer Name = Library | Source = MsiInstaller | ID = 11939
Description =

Error - 6/27/2012 7:42:38 PM | Computer Name = Library | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting
process id: 0x13b0 Faulting application start time: 0x01cd54be7c83feab Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: c6b9f885-c0b1-11e1-b86a-782bcbb751df

Error - 6/27/2012 11:08:33 PM | Computer Name = Library | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting
process id: 0x244c Faulting application start time: 0x01cd54db4ceab0b3 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: 8b2d3245-c0ce-11e1-b86a-782bcbb751df

Error - 7/3/2012 1:39:54 AM | Computer Name = Library | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: IEHelperv2.5.0.dll, version: 3.0.0.1,
time stamp: 0x4ed7c091 Exception code: 0xc0000005 Fault offset: 0x00013459 Faulting
process id: 0x2058 Faulting application start time: 0x01cd58de4422ede0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll Report Id: 839fd3fe-c4d1-11e1-b86a-782bcbb751df

[ System Events ]
Error - 8/22/2012 8:34:57 PM | Computer Name = Library | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/22/2012 8:34:58 PM | Computer Name = Library | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/22/2012 8:34:58 PM | Computer Name = Library | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/22/2012 8:34:58 PM | Computer Name = Library | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/22/2012 8:51:27 PM | Computer Name = Library | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/22/2012 8:51:27 PM | Computer Name = Library | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/22/2012 8:51:27 PM | Computer Name = Library | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/22/2012 8:51:27 PM | Computer Name = Library | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/22/2012 8:51:27 PM | Computer Name = Library | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/22/2012 8:51:27 PM | Computer Name = Library | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >

thwhite70

Newbie Surfer

Posts : 31
Joined : 2012-08-23
Operating System : Windows 7

Re: Infected by iliti virus & possible others...

Post by thwhite70 on Thu 23 Aug 2012, 12:13 pm

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-22 20:06:40
-----------------------------
20:06:40.001 OS Version: Windows x64 6.1.7601 Service Pack 1
20:06:40.001 Number of processors: 8 586 0x2A07
20:06:40.001 ComputerName: LIBRARY UserName:
20:06:42.357 Initialize success
20:06:45.430 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:06:45.430 Disk 0 Vendor: ST320006 CC44 Size: 1907729MB BusType: 3
20:06:45.446 Disk 0 MBR read successfully
20:06:45.446 Disk 0 MBR scan
20:06:45.446 Disk 0 Windows VISTA default MBR code
20:06:45.446 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
20:06:45.461 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 23258 MB offset 81920
20:06:45.461 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1884430 MB offset 47714304
20:06:45.477 Disk 0 scanning C:\Windows\system32\drivers
20:06:50.422 Service scanning
20:06:59.189 Modules scanning
20:06:59.189 Disk 0 trace - called modules:
20:06:59.205 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:06:59.205 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800e4f4060]
20:06:59.205 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800d4c6050]
20:06:59.205 Scan finished successfully
20:07:12.964 Disk 0 MBR has been saved successfully to "C:\Virus Removal 001\MBR.dat"
20:07:12.964 The log file has been saved successfully to "C:\Virus Removal 001\aswMBR.txt"



thwhite70

Newbie Surfer

Posts : 31
Joined : 2012-08-23
Operating System : Windows 7

Re: Infected by iliti virus & possible others...

Post by thwhite70 on Thu 23 Aug 2012, 12:15 pm

Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Smart PC Cleaner v3.0
Java(TM) 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
SecurityCheck.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

thwhite70

Newbie Surfer

Posts : 31
Joined : 2012-08-23
Operating System : Windows 7

Re: Infected by iliti virus & possible others...

Post by Superdave on Fri 24 Aug 2012, 6:35 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: Infected by iliti virus & possible others...

Post by Superdave on Fri 24 Aug 2012, 6:49 am

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRxdm719YYUS&ptnrS=ZRxdm719YYUS&si=CLzf37jGo64CFXG-tgod8hR5RA&ptb=vZWOkJFO2UtHJke5RKwcHQ&ind=2012021617&n=77ed0371&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{7931b63e-6ba3-4f38-9d55-5b518a03be02}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=UVxdm008YYus&ptb=3217E71D-C087-4D9A-9EDD-EF3301305B2A&ind=2012011217&ptnrS=UVxdm008YYus&si=&n=77ecdad1&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{02A9B082-D8E6-4AB1-9ABA-4656B853E300}: "URL" = http://www.mysearchresults.com/search?&c=2632&t=03&q={searchTerms}
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRxdm719YYUS&ptnrS=ZRxdm719YYUS&si=CLzf37jGo64CFXG-tgod8hR5RA&ptb=vZWOkJFO2UtHJke5RKwcHQ&ind=2012021617&n=77ed0371&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{7931b63e-6ba3-4f38-9d55-5b518a03be02}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=UVxdm008YYus&ptb=3217E71D-C087-4D9A-9EDD-EF3301305B2A&ind=2012011217&ptnrS=UVxdm008YYus&si=&n=77ecdad1&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={25478072-0715-4449-8F26-9C3EE963FE65}&mid=6851eeb4ce6b47d0a3f9a9628d53b82c-dd09342c53d7249823ba10439343fffb130b7274&lang=en&ds=ft011&pr=sa&d=2012-07-27 21:09:32&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{B8EEB896-B588-46AF-ACBE-40CAB69FCE39}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120832,17118,0,18,0
IE - HKCU\..\SearchScopes\{F631367A-31A0-437C-8821-AEB57AB46912}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3150609
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (RivalGaming Games) - {26D675AC-D925-4bbf-A720-62C2AA4A81EB} - C:\Users\FabFrommFamily\AppData\Local\RivalGaming\RivalGaming.dll (RivalGaming)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)

:folders

C:\Program Files (x86)\MyWebSearch

:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.


Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: Infected by iliti virus & possible others...

Post by thwhite70 on Fri 24 Aug 2012, 12:17 pm

SUPERAntiSpyware Scan Log

Generated 08/23/2012 at 08:03 PM

Application Version : 5.5.1012

Core Rules Database Version : 9115
Trace Rules Database Version: 6927

Scan type : Complete Scan
Total Scan Time : 01:09:49

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 563
Memory threats detected : 0
Registry items scanned : 66951
Registry threats detected : 758
File items scanned : 238119
File threats detected : 493

PUP.MyWebSearch

PUP.MyWebSearch/FunWebProducts
(x86) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
(x86) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Control
(x86) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\InprocServer32
(x86) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus
(x86) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus\1
(x86) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\ProgID
(x86) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Programmable
(x86) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\TypeLib
(x86) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\Version
(x86) HKCR\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\VersionIndependentProgID
(x86) HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
(x86) HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32
(x86) HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ProgID
(x86) HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\Programmable
(x86) HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\TypeLib
(x86) HKCR\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\VersionIndependentProgID
(x86) HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
(x86) HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\InprocServer32
(x86) HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\ProgID
(x86) HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\Programmable
(x86) HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
(x86) HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\VersionIndependentProgID
(x86) HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
(x86) HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
(x86) HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
(x86) HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
(x86) HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
(x86) HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
(x86) HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
(x86) HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
(x86) HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
(x86) HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
(x86) HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
(x86) HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
(x86) HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
(x86) HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ProgID
(x86) HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
(x86) HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
(x86) HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
(x86) HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\VersionIndependentProgID
(x86) HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}
(x86) HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Control
(x86) HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32
(x86) HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus
(x86) HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\MiscStatus\1
(x86) HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Programmable
(x86) HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\TypeLib
(x86) HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\Version
(x86) HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}
(x86) HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32
(x86) HKCR\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
(x86) HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\InprocServer32
(x86) HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\ProgID
(x86) HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\Programmable
(x86) HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\TypeLib
(x86) HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\VersionIndependentProgID
(x86) HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
(x86) HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\InprocServer32
(x86) HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
(x86) HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\InprocServer32
(x86) HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\ProgID
(x86) HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\VersionIndependentProgID
(x86) HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
(x86) HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\InprocServer32
(x86) HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\MiscStatus
(x86) HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\MiscStatus\1
(x86) HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\ProgID
(x86) HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\Programmable
(x86) HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\TypeLib
(x86) HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\Version
(x86) HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\VersionIndependentProgID
(x86) HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}
(x86) HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}\TreatAs
(x86) HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}
(x86) HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\InprocServer32
(x86) HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\Programmable
(x86) HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\TypeLib
(x86) HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
(x86) HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32
(x86) HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\ProgID
(x86) HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\Programmable
(x86) HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\VersionIndependentProgID
(x86) HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
(x86) HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\InprocServer32
(x86) HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\MiscStatus
(x86) HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\MiscStatus\1
(x86) HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\ProgID
(x86) HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\Programmable
(x86) HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\TypeLib
(x86) HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\Version
(x86) HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\VersionIndependentProgID
(x86) HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
(x86) HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\InprocServer32
(x86) HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\MiscStatus
(x86) HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\MiscStatus\1
(x86) HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\ProgID
(x86) HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\Programmable
(x86) HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\TypeLib
(x86) HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\Version
(x86) HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\VersionIndependentProgID
(x86) HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
(x86) HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\InprocServer32
(x86) HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\ProgID
(x86) HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\Programmable
(x86) HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\TypeLib
(x86) HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\VersionIndependentProgID
(x86) HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
(x86) HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32
(x86) HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\Programmable
(x86) HKCR\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\TypeLib
(x86) HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}
(x86) HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Control
(x86) HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32
(x86) HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\MiscStatus
(x86) HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\MiscStatus\1
(x86) HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\ProgID
(x86) HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Programmable
(x86) HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\TypeLib
(x86) HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\Version
(x86) HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\VersionIndependentProgID
(x86) HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
(x86) HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0
(x86) HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\0
(x86) HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\0\win32
(x86) HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\FLAGS
(x86) HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\HELPDIR
(x86) HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
(x86) HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0
(x86) HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\0
(x86) HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\0\win32
(x86) HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\FLAGS
(x86) HKCR\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\HELPDIR
(x86) HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
(x86) HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0
(x86) HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\0
(x86) HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\0\win32
(x86) HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\FLAGS
(x86) HKCR\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\HELPDIR
(x86) HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}
(x86) HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0
(x86) HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\0
(x86) HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\0\win32
(x86) HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\FLAGS
(x86) HKCR\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\HELPDIR
(x86) HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
(x86) HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0
(x86) HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\0
(x86) HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\0\win32
(x86) HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\FLAGS
(x86) HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\HELPDIR
(x86) HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
(x86) HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0
(x86) HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\0
(x86) HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\0\win32
(x86) HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\FLAGS
(x86) HKCR\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\HELPDIR
(x86) HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
(x86) HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0
(x86) HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\0
(x86) HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\0\win32
(x86) HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\FLAGS
(x86) HKCR\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\HELPDIR
(x86) HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
(x86) HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0
(x86) HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\0
(x86) HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\0\win32
(x86) HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\FLAGS
(x86) HKCR\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\HELPDIR
(x86) HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
(x86) HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0
(x86) HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0
(x86) HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32
(x86) HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\FLAGS
(x86) HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\HELPDIR
(x86) HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
(x86) HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0
(x86) HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\0
(x86) HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\0\win32
(x86) HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\FLAGS
(x86) HKCR\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\HELPDIR
(x86) HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
(x86) HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0
(x86) HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\0
(x86) HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\0\win32
(x86) HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\FLAGS
(x86) HKCR\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\HELPDIR
(x86) HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
(x86) HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0
(x86) HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\0
(x86) HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\0\win32
(x86) HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\FLAGS
(x86) HKCR\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\HELPDIR
(x86) HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
(x86) HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32
(x86) HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib
(x86) HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version
(x86) HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
(x86) HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32
(x86) HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib
(x86) HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version
(x86) HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
(x86) HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ProxyStubClsid32
(x86) HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib
(x86) HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib#Version
(x86) HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
(x86) HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid32
(x86) HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib
(x86) HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib#Version
(x86) HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
(x86) HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ProxyStubClsid32
(x86) HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib
(x86) HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib#Version
(x86) HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
(x86) HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid32
(x86) HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib
(x86) HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib#Version
(x86) HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
(x86) HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid32
(x86) HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib
(x86) HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib#Version
(x86) HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
(x86) HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
(x86) HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
(x86) HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
(x86) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
(x86) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
(x86) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
(x86) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
(x86) HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
(x86) HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ProxyStubClsid32
(x86) HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib
(x86) HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib#Version
(x86) HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
(x86) HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid32
(x86) HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib
(x86) HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib#Version
(x86) HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
(x86) HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32
(x86) HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib
(x86) HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib#Version
(x86) HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
(x86) HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32
(x86) HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib
(x86) HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib#Version
(x86) HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
(x86) HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32
(x86) HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
(x86) HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version
(x86) HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
(x86) HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32
(x86) HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
(x86) HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version
(x86) HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
(x86) HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ProxyStubClsid32
(x86) HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\TypeLib
(x86) HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\TypeLib#Version
(x86) HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
(x86) HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ProxyStubClsid32
(x86) HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\TypeLib
(x86) HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\TypeLib#Version
(x86) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
(x86) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
(x86) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
(x86) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version
(x86) HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
(x86) HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
(x86) HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
(x86) HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
(x86) HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
(x86) HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
(x86) HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
(x86) HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
(x86) HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
(x86) HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
(x86) HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
(x86) HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
(x86) HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
(x86) HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
(x86) HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
(x86) HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
(x86) HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
(x86) HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid32
(x86) HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib
(x86) HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib#Version
(x86) HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
(x86) HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid32
(x86) HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib
(x86) HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib#Version
(x86) HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
(x86) HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid32
(x86) HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib
(x86) HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib#Version
(x86) HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
(x86) HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid32
(x86) HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib
(x86) HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib#Version
(x86) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
(x86) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32
(x86) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib
(x86) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib#Version
(x86) HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
(x86) HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid32
(x86) HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib
(x86) HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib#Version
(x86) HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
(x86) HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid32
(x86) HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib
(x86) HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib#Version
(x86) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
(x86) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ProxyStubClsid32
(x86) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\TypeLib
(x86) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\TypeLib#Version
(x86) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
(x86) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid32
(x86) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib
(x86) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib#Version
(x86) HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
(x86) HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
(x86) HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
(x86) HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
(x86) HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
(x86) HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
(x86) HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
(x86) HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
(x86) HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
(x86) HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid32
(x86) HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib
(x86) HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib#Version
(x86) HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
(x86) HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid32
(x86) HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib
(x86) HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib#Version
(x86) HKLM\Software\FocusInteractive
(x86) HKLM\Software\FocusInteractive\bar
(x86) HKLM\Software\FocusInteractive\bar\Switches
(x86) HKLM\Software\FocusInteractive\bar\Switches#ok
(x86) HKLM\Software\FocusInteractive\bar\Switches#od
(x86) HKLM\Software\FocusInteractive\bar\Switches#nk
(x86) HKLM\Software\FocusInteractive\bar\Switches#nd
(x86) HKLM\Software\FocusInteractive\bar\Switches#incmail.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#msimn.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#msn.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#outlook.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#waol.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#aim.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#icq.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#icqlite.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#msmsgs.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#msnmsgr.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#ypager.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#b2.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#googletalk.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#winmail.exe
(x86) HKLM\Software\FocusInteractive\bar\Switches#winmail.exe.mui
(x86) HKLM\Software\FocusInteractive\bar\Switches#mwsSrcAs.dll
(x86) HKLM\Software\FocusInteractive\bar\Switches#ua
(x86) HKLM\Software\FocusInteractive\bar\Switches#au
(x86) HKLM\Software\FocusInteractive\bar\Switches#ps
(x86) HKLM\Software\FocusInteractive\bar\Switches#nodns
(x86) HKLM\Software\FocusInteractive\bar\Switches#ffTabs
(x86) HKLM\Software\FocusInteractive\bar\Switches#hpp
(x86) HKLM\Software\FocusInteractive\Email-IM
(x86) HKLM\Software\FocusInteractive\Email-IM\0
(x86) HKLM\Software\FocusInteractive\Email-IM\0#Toolbar
(x86) HKLM\Software\FocusInteractive\Email-IM\0#AppName
(x86) HKLM\Software\FocusInteractive\Email-IM\0#Path
(x86) HKLM\Software\FocusInteractive\Outlook
(x86) HKLM\Software\FocusInteractive\Outlook#MyWebSearch.OutlookAddin
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#DisplayName
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#HelpLink
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#Publisher
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#UninstallString
(x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall#UrlInfoAbout
(x86) HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService
(x86) HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#Type
(x86) HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#Start
(x86) HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#ErrorControl
(x86) HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#ImagePath
(x86) HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#DisplayName
(x86) HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#WOW64
(x86) HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService#ObjectName
C:\Program Files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
C:\Program Files (x86)\MyWebSearch\bar\1.bin\chrome
C:\Program Files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFEST
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
C:\Program Files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDF
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKNLCR.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\ThirdPartyInstallers\SymcPCCUInstaller.exe
C:\Program Files (x86)\MyWebSearch\bar\1.bin\ThirdPartyInstallers\SymcPCCUInstaller.log
C:\Program Files (x86)\MyWebSearch\bar\1.bin\ThirdPartyInstallers

thwhite70

Newbie Surfer

Posts : 31
Joined : 2012-08-23
Operating System : Windows 7


Re: Infected by iliti virus & possible others...

Post by thwhite70 on Fri 24 Aug 2012, 12:18 pm

(SUPERANTISPYWARE LOG CONTINUED)

C:\Program Files (x86)\MyWebSearch\bar\1.bin
C:\Program Files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files (x86)\MyWebSearch\bar\Avatar
C:\Program Files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files (x86)\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files (x86)\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files (x86)\MyWebSearch\bar\Game
C:\Program Files (x86)\MyWebSearch\bar\gen1\COMMON.F3S
C:\Program Files (x86)\MyWebSearch\bar\gen1
C:\Program Files (x86)\MyWebSearch\bar\History
C:\Program Files (x86)\MyWebSearch\bar\icons\CM.ICO
C:\Program Files (x86)\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files (x86)\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files (x86)\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files (x86)\MyWebSearch\bar\icons\WB.ICO
C:\Program Files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files (x86)\MyWebSearch\bar\icons
C:\Program Files (x86)\MyWebSearch\bar\IE9Mesg\COMMON.F3S
C:\Program Files (x86)\MyWebSearch\bar\IE9Mesg
C:\Program Files (x86)\MyWebSearch\bar\jsifb\COMMON.F3S
C:\Program Files (x86)\MyWebSearch\bar\jsifb
C:\Program Files (x86)\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files (x86)\MyWebSearch\bar\Message
C:\Program Files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier
C:\Program Files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S
C:\Program Files (x86)\MyWebSearch\bar\Overlay
C:\Program Files (x86)\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files (x86)\MyWebSearch\bar\Settings
C:\Program Files (x86)\MyWebSearch\bar\wbnotify\COMMON.F3S
C:\Program Files (x86)\MyWebSearch\bar\wbnotify
C:\Program Files (x86)\MyWebSearch\bar
C:\Program Files (x86)\MyWebSearch
C:\Program Files (x86)\FunWebProducts\Installr\1.bin\chrome
C:\Program Files (x86)\FunWebProducts\Installr\1.bin
C:\Program Files (x86)\FunWebProducts\Installr
C:\Program Files (x86)\FunWebProducts\ScreenSaver\Images
C:\Program Files (x86)\FunWebProducts\ScreenSaver
C:\Program Files (x86)\FunWebProducts
(x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Run#My Web Search Bar Search Scope Monitor [ "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h ]
(x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Run#MyWebSearch Email Plugin [ C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe ]
(x86) HKLM\Software\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
(x86) HKCR\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
(x86) HKLM\Software\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
(x86) HKCR\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
(x86) HKLM\Software\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
(x86) HKCR\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
(x86) HKLM\Software\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
(x86) HKCR\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
(x86) HKLM\Software\Classes\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}
(x86) HKCR\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}
(x86) HKLM\Software\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
(x86) HKCR\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
(x86) HKLM\Software\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
(x86) HKCR\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
(x86) HKU\S-1-5-21-2349935502-4117598282-3216927103-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
(x86) HKU\S-1-5-21-2349935502-4117598282-3216927103-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
C:\PROGRAM FILES (X86)\WINDOWS LIVE\MESSENGER\MSIMG32.DLL
C:\PROGRAM FILES (X86)\WINDOWS LIVE\MESSENGER\RICHED20.DLL
(x86) HKCR\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}
(x86) HKCR\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
(x86) HKCR\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
(x86) HKCR\Interface\{7473D298-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
(x86) HKCR\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
(x86) HKCR\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}\ProxyStubClsid32
(x86) HKCR\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}\TypeLib
(x86) HKCR\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}\TypeLib#Version
(x86) HKCR\Interface\{AAA9C380-E19A-4436-88F6-02942C31CC9E}
(x86) HKCR\Interface\{AAA9C380-E19A-4436-88F6-02942C31CC9E}\ProxyStubClsid32
(x86) HKCR\Interface\{AAA9C380-E19A-4436-88F6-02942C31CC9E}\TypeLib
(x86) HKCR\Interface\{AAA9C380-E19A-4436-88F6-02942C31CC9E}\TypeLib#Version
(x86) HKCR\Interface\{AAA9C381-E19A-4436-88F6-02942C31CC9E}
(x86) HKCR\Interface\{AAA9C381-E19A-4436-88F6-02942C31CC9E}\ProxyStubClsid32
(x86) HKCR\Interface\{AAA9C381-E19A-4436-88F6-02942C31CC9E}\TypeLib
(x86) HKCR\Interface\{AAA9C381-E19A-4436-88F6-02942C31CC9E}\TypeLib#Version

Adware.Tracking Cookie
C:\USERS\FABFROMMFAMILY\Cookies\VCFUD0SX.txt [ Cookie:fabfrommfamily@test.sem-tracking-analytics.com/test/ ]
C:\USERS\FABFROMMFAMILY\Cookies\UAVXLTLN.txt [ Cookie:fabfrommfamily@sextracker.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\NTER4IYD.txt [ Cookie:fabfrommfamily@[You must be registered and logged in to see this link.] ]
C:\USERS\FABFROMMFAMILY\Cookies\5G3JT2O5.txt [ Cookie:fabfrommfamily@doubleclick.net/ ]
C:\USERS\FABFROMMFAMILY\Cookies\N86UH6FX.txt [ Cookie:fabfrommfamily@tacoda.at.atwola.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\U0UZ7WDV.txt [ Cookie:fabfrommfamily@[You must be registered and logged in to see this link.] ]
C:\USERS\FABFROMMFAMILY\Cookies\KY36U5HF.txt [ Cookie:fabfrommfamily@traveladvertising.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\X0HAAHFL.txt [ Cookie:fabfrommfamily@dmtracker.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\P91M7EC2.txt [ Cookie:fabfrommfamily@in.getclicky.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\2O6SZN5T.txt [ Cookie:fabfrommfamily@ad.doubleclick.net/ ]
C:\USERS\FABFROMMFAMILY\Cookies\50Q2NYP4.txt [ Cookie:fabfrommfamily@[You must be registered and logged in to see this link.] ]
C:\USERS\FABFROMMFAMILY\Cookies\MD131AGQ.txt [ Cookie:fabfrommfamily@tptracks.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\T2JFS2VZ.txt [ Cookie:fabfrommfamily@ad.yieldmanager.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\BGHYPRES.txt [ Cookie:fabfrommfamily@[You must be registered and logged in to see this link.] ]
C:\USERS\FABFROMMFAMILY\Cookies\NXQZLQJ0.txt [ Cookie:fabfrommfamily@edge.jeetyetmedia.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\64CUQR5I.txt [ Cookie:fabfrommfamily@clickbooth.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\0JAPJHJK.txt [ Cookie:fabfrommfamily@atwola.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\LT690A1X.txt [ Cookie:fabfrommfamily@[You must be registered and logged in to see this link.] ]
C:\USERS\FABFROMMFAMILY\Cookies\55HEH8WI.txt [ Cookie:fabfrommfamily@hyatt.112.2o7.net/ ]
C:\USERS\FABFROMMFAMILY\Cookies\QZU27YMF.txt [ Cookie:fabfrommfamily@liveperson.net/hc/40112812 ]
C:\USERS\FABFROMMFAMILY\Cookies\NWPTKJE5.txt [ Cookie:fabfrommfamily@[You must be registered and logged in to see this link.] ]
C:\USERS\FABFROMMFAMILY\Cookies\3MUL3TZY.txt [ Cookie:fabfrommfamily@legolas-media.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\L2QQP621.txt [ Cookie:fabfrommfamily@sandbox.mlnadvertising.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\BOYYVPWS.txt [ Cookie:fabfrommfamily@stat.dealtime.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\ETLQO9E7.txt [ Cookie:fabfrommfamily@mediaforge.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\QAFVCZPR.txt [ Cookie:fabfrommfamily@tracking.alwaysdownloads.com/ ]
C:\USERS\FABFROMMFAMILY\Cookies\Q9PSG0MV.txt [ Cookie:fabfrommfamily@view.atdmt.com/UJ3/iview/403345096/direct/01/ ]
C:\USERS\FABFROMMFAMILY\Cookies\AKFMPN17.txt [ Cookie:fabfrommfamily@track.linktraker.com/ ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\FABFROMMFAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2OSS947H.DEFAULT\COOKIES.SQLITE ]

PUP.Gamevance
(x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26D675AC-D925-4bbf-A720-62C2AA4A81EB}
(x86) HKCR\CLSID\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}
(x86) HKCR\CLSID\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}
(x86) HKCR\CLSID\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}\InprocServer32
(x86) HKCR\CLSID\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}\ProgID
(x86) HKCR\CLSID\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}\Programmable
(x86) HKCR\CLSID\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}\TypeLib
(x86) HKCR\CLSID\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}\VersionIndependentProgID
(x86) HKCR\RivalGaming.Module.1
(x86) HKCR\RivalGaming.Module.1\CLSID
(x86) HKCR\RivalGaming.Module
(x86) HKCR\RivalGaming.Module\CLSID
(x86) HKCR\RivalGaming.Module\CurVer
(x86) HKCR\TypeLib\{275DA4CE-9717-4da7-B19B-490CB937718F}
(x86) HKCR\TypeLib\{275DA4CE-9717-4da7-B19B-490CB937718F}\1.0
(x86) HKCR\TypeLib\{275DA4CE-9717-4da7-B19B-490CB937718F}\1.0\0
(x86) HKCR\TypeLib\{275DA4CE-9717-4da7-B19B-490CB937718F}\1.0\0\win32
(x86) HKCR\TypeLib\{275DA4CE-9717-4da7-B19B-490CB937718F}\1.0\FLAGS
(x86) HKCR\TypeLib\{275DA4CE-9717-4da7-B19B-490CB937718F}\1.0\HELPDIR
C:\USERS\FABFROMMFAMILY\APPDATA\LOCAL\RIVALGAMING\RIVALGAMING.DLL
(x86) HKU\S-1-5-21-2349935502-4117598282-3216927103-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26D675AC-D925-4BBF-A720-62C2AA4A81EB}
(x86) HKCR\Interface\{DECB1BC9-7B19-411B-85B7-2B9FF33E2BE7}
(x86) HKCR\Interface\{DECB1BC9-7B19-411B-85B7-2B9FF33E2BE7}\ProxyStubClsid32
(x86) HKCR\Interface\{DECB1BC9-7B19-411B-85B7-2B9FF33E2BE7}\TypeLib
(x86) HKCR\Interface\{DECB1BC9-7B19-411B-85B7-2B9FF33E2BE7}\TypeLib#Version
(x86) HKCR\Interface\{F03DA033-A35C-4F66-8849-5F68A181F632}
(x86) HKCR\Interface\{F03DA033-A35C-4F66-8849-5F68A181F632}\ProxyStubClsid32
(x86) HKCR\Interface\{F03DA033-A35C-4F66-8849-5F68A181F632}\TypeLib
(x86) HKCR\Interface\{F03DA033-A35C-4F66-8849-5F68A181F632}\TypeLib#Version

PUP.MyWebSearch-Installer
C:\USERS\FABFROMMFAMILY\APPDATA\LOCALLOW\FUNWEBPRODUCTS\INSTALLR\CACHE\5018827C.EXE

thwhite70

Newbie Surfer

Posts : 31
Joined : 2012-08-23
Operating System : Windows 7

Re: Infected by iliti virus & possible others...

Post by thwhite70 on Fri 24 Aug 2012, 1:49 pm

Malwarebytes Anti-Malware 1.62.0.1300

Database version: v2012.08.23.08

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
FabFrommFamily :: LIBRARY [administrator]

8/23/2012 8:20:43 PM
mbam-log-2012-08-23 (20-20-43).txt

Scan type: Full scan (C:\|J:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 444757
Time elapsed: 46 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 47
HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.MultipleButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.MultipleButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.SkinLauncher (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.SkinLauncher.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.SkinLauncherSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.SkinLauncherSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.ThirdPartyInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.UrlAlertButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.UrlAlertButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Users\FabFrommFamily\AppData\LocalLow\Chimpoo_3aEI\Installr\Cache\02A5DF83.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
J:\old computer files\My Documents\FLVPlayerSetup-1.exe (Adware.Agent) -> Quarantined and deleted successfully.
J:\old computer files\My Documents\FLVPlayerSetup-2.exe (Adware.Agent) -> Quarantined and deleted successfully.
J:\old computer files\My Documents\FLVPlayerSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

Re: Infected by iliti virus & possible others...

Post by thwhite70 on Fri 24 Aug 2012, 2:00 pm

========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7931b63e-6ba3-4f38-9d55-5b518a03be02}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7931b63e-6ba3-4f38-9d55-5b518a03be02}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ not found.
File C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{02A9B082-D8E6-4AB1-9ABA-4656B853E300}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02A9B082-D8E6-4AB1-9ABA-4656B853E300}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7931b63e-6ba3-4f38-9d55-5b518a03be02}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7931b63e-6ba3-4f38-9d55-5b518a03be02}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B8EEB896-B588-46AF-ACBE-40CAB69FCE39}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8EEB896-B588-46AF-ACBE-40CAB69FCE39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F631367A-31A0-437C-8821-AEB57AB46912}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F631367A-31A0-437C-8821-AEB57AB46912}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ not found.
File C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ not found.
File C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26D675AC-D925-4bbf-A720-62C2AA4A81EB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26D675AC-D925-4bbf-A720-62C2AA4A81EB}\ not found.
File C:\Users\FabFrommFamily\AppData\Local\RivalGaming\RivalGaming.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
File C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
File C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor not found.
File C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin not found.
File C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE not found.
Error: Unable to interpret <:folders> in the current context!
Error: Unable to interpret in the current context!
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.56.0 log created on 08232012_220006

Re: Infected by iliti virus & possible others...

Post by thwhite70 on Fri 24 Aug 2012, 2:01 pm

OK - I believe all instructions were followed... thanks for helping - awaiting further instructions.

Re: Infected by iliti virus & possible others...

Post by Superdave on Sat 25 Aug 2012, 6:33 am

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
********************************************************
Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.



On completion of the scan click save log, save it to your desktop and post in your next reply.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: Infected by iliti virus & possible others...

Post by thwhite70 on Sat 25 Aug 2012, 7:29 am

Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Smart PC Cleaner v3.0
Java(TM) 6 Update 34
Java version out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.83
````````Process Check: objlist.exe by Laurent````````
SecurityCheck.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

thwhite70

Newbie Surfer

Posts : 31
Joined : 2012-08-23
Operating System : Windows 7

Re: Infected by iliti virus & possible others...

Post by thwhite70 on Sat 25 Aug 2012, 7:33 am

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-24 15:30:23
-----------------------------
15:30:23.625 OS Version: Windows x64 6.1.7601 Service Pack 1
15:30:23.625 Number of processors: 8 586 0x2A07
15:30:23.625 ComputerName: LIBRARY UserName:
15:30:32.283 Initialize success
15:31:21.224 AVAST engine defs: 12082402
15:31:45.775 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:31:45.775 Disk 0 Vendor: ST320006 CC44 Size: 1907729MB BusType: 3
15:31:45.791 Disk 0 MBR read successfully
15:31:45.791 Disk 0 MBR scan
15:31:45.791 Disk 0 Windows VISTA default MBR code
15:31:45.791 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
15:31:45.807 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 23258 MB offset 81920
15:31:45.822 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1884430 MB offset 47714304
15:31:45.838 Disk 0 scanning C:\Windows\system32\drivers
15:31:53.061 Service scanning
15:32:05.182 Modules scanning
15:32:05.182 Disk 0 trace - called modules:
15:32:05.197 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:32:05.197 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800e4f4060]
15:32:05.197 3 CLASSPNP.SYS[fffff880018a643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800d4c6050]
15:32:14.027 AVAST engine scan C:\Windows
15:32:19.487 Disk 0 MBR has been saved successfully to "C:\Virus Removal 001\MBR.dat"
15:32:19.503 The log file has been saved successfully to "C:\Virus Removal 001\aswMBR2.txt"



thwhite70

Newbie Surfer

Posts : 31
Joined : 2012-08-23
Operating System : Windows 7

Re: Infected by iliti virus & possible others...

Post by thwhite70 on Sat 25 Aug 2012, 7:33 am

Both scans done - awaiting your review - thank you.

thwhite70

Newbie Surfer

Posts : 31
Joined : 2012-08-23
Operating System : Windows 7

Re: Infected by iliti virus & possible others...

Post by Superdave on Sat 25 Aug 2012, 9:27 am

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
***************************************************
Sorry for getting you to run aswMBR.exe again. I missed it the first time.

Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: Infected by iliti virus & possible others...

Post by thwhite70 on Mon 27 Aug 2012, 9:32 am

ComboFix 12-08-25.04 - FabFrommFamily 08/26/2012 16:58:37.1.8 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16366.14806 [GMT -5:00]
Running from: c:\virus removal 001\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
c:\users\FabFrommFamily\AppData\Local\Microsoft\Windows\Temporary Internet Files\{30FC4FC8-4857-4ADC-9930-0A1B2CB4D363}.xps
c:\users\FabFrommFamily\AppData\Local\Microsoft\Windows\Temporary Internet Files\{56192587-B613-4639-8042-29AE150CF355}.xps
c:\users\FabFrommFamily\AppData\Local\Microsoft\Windows\Temporary Internet Files\{78D41CE3-86DE-4991-BC21-5671B1679DFD}.xps
c:\users\FabFrommFamily\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B5FCCB6E-512B-43E2-9CA2-D0634DDD6FFD}.xps
c:\users\FabFrommFamily\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C3CEA727-92DC-4AAD-ADB5-68AB1163F94F}.xps
c:\users\FabFrommFamily\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E8013E1E-581D-4AA1-9EE9-D7099D9D17FC}.xps
c:\users\FabFrommFamily\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F907BC74-1FD6-4313-9ADD-B95A9DBD0471}.xps
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\bing.ico
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\google.ico
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\yahoo.ico
c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\youtube_ie.ico
c:\users\FabFrommFamily\AppData\Roaming\Microsoft\Microsoft
c:\users\FabFrommFamily\gotomypc_635.exe
J:\autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Files Created from 2012-07-26 to 2012-08-26 )))))))))))))))))))))))))))))))
.
.
2012-08-24 03:00 . 2012-08-24 03:00 -------- d-----w- C:\_OTL
2012-08-24 02:56 . 2012-08-24 02:56 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-24 01:20 . 2012-08-24 01:20 -------- d-----w- c:\users\FabFrommFamily\AppData\Roaming\Malwarebytes
2012-08-24 01:20 . 2012-08-24 01:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-24 01:20 . 2012-08-24 01:20 -------- d-----w- c:\programdata\Malwarebytes
2012-08-24 01:20 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-23 23:50 . 2012-08-23 23:50 -------- d-----w- c:\users\FabFrommFamily\AppData\Roaming\SUPERAntiSpyware.com
2012-08-23 23:50 . 2012-08-23 23:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-23 23:50 . 2012-08-23 23:50 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-23 00:48 . 2012-08-26 21:53 -------- d-----w- C:\Virus Removal 001
2012-08-15 23:08 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 23:08 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 23:08 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 23:08 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 23:08 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 23:08 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 23:08 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 23:08 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 23:08 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 23:08 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 23:08 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 23:08 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-07 14:09 . 2012-08-07 14:09 -------- d-----w- c:\users\FabFrommFamily\AppData\Roaming\Smart PC Cleaner
2012-08-07 13:39 . 2012-08-07 13:39 -------- d-----w- c:\users\FabFrommFamily\AppData\Local\visi_coupon
2012-08-07 13:39 . 2012-08-07 13:39 -------- d-----w- c:\program files (x86)\mefeediatest
2012-08-07 13:39 . 2012-08-07 13:39 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com
2012-08-07 13:38 . 2012-08-07 13:38 -------- d-----w- c:\program files (x86)\Yontoo
2012-08-07 13:38 . 2012-08-07 13:38 -------- d-----w- c:\programdata\Tarma Installer
2012-08-07 13:38 . 2012-08-26 22:06 -------- d-----w- c:\users\FabFrommFamily\AppData\Roaming\DefaultTab
2012-08-07 13:38 . 2012-08-07 13:38 -------- d-----w- c:\program files (x86)\Smart PC Cleaner
2012-08-07 13:38 . 2012-08-24 01:11 -------- d-----w- c:\users\FabFrommFamily\AppData\Local\RivalGaming
2012-08-07 13:38 . 2012-08-07 13:38 -------- d-----w- c:\programdata\Yahoo!
2012-08-07 13:38 . 2012-08-08 03:13 -------- d-----w- c:\programdata\Yahoo! Companion
2012-08-07 13:38 . 2012-08-07 13:38 -------- d-----w- c:\users\FabFrommFamily\AppData\Roaming\Yahoo!
2012-08-07 13:08 . 2012-08-07 13:08 -------- d-----w- c:\users\FabFrommFamily\AppData\Roaming\RealNetworks
2012-07-28 02:10 . 2012-08-03 20:15 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-07-28 02:10 . 2012-08-26 21:49 -------- d-----w- c:\program files (x86)\Steam
2012-07-28 02:09 . 2012-07-28 02:09 -------- d-----w- c:\users\FabFrommFamily\AppData\Local\AVG Secure Search
2012-07-28 02:09 . 2012-07-30 00:02 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-28 02:09 . 2012-07-28 02:09 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-07-28 02:09 . 2012-07-28 02:09 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-28 02:09 . 2012-07-28 02:09 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-28 02:09 . 2012-07-28 02:09 -------- d--h--w- c:\programdata\Common Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-24 02:56 . 2011-09-21 01:57 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-16 08:00 . 2012-04-25 14:00 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-14 20:11 . 2012-06-20 12:42 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-14 20:11 . 2011-09-21 01:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-09 05:43 . 2012-07-11 02:02 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 13:49 . 2012-06-06 13:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 02:02 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 02:02 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 02:01 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 02:02 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 02:02 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 02:01 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 08:08 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 08:08 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 08:08 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 08:08 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 08:08 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 08:08 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 08:08 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-21 08:08 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-21 08:08 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 02:02 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 02:02 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 02:02 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 02:02 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 02:02 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 02:02 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 02:02 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 02:02 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 02:02 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{154d932f-dc51-4a4f-9d52-b78b1419d3b4}]
2011-05-04 16:04 81920 ----a-w- c:\program files (x86)\mefeediatest\w3itemplateX.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{553318DA-D010-469E-84B1-496563CAE1BF}]
2012-02-01 23:18 136192 ----a-w- c:\program files (x86)\HTTO Group, Ltd\FBDownloader IE Add-on\FBDownloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{154d932f-dc51-4a4f-9d52-b78b1419d3b4}"= "c:\program files (x86)\mefeediatest\w3itemplateX.dll" [2011-05-04 81920]
.
[HKEY_CLASSES_ROOT\clsid\{154d932f-dc51-4a4f-9d52-b78b1419d3b4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoshopElements8SyncAgent"="c:\program files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe" [2010-09-30 1945536]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-05 1353080]
"Smart PC Cleaner"="c:\program files (x86)\Smart PC Cleaner\SPCLauncher.exe" [2012-01-28 80016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-02-05 296056]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-28 1147488]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\FabFrommFamily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 136176]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.91\SymcPCCULaunchSvc.exe [2011-09-29 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe [2011-09-29 126392]
R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-07-28 830048]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 10567680]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 325632]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-29 52584]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 136176]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-14 113120]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-26 1255736]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-07-28 31080]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-27 75264]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-27 176640]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 20:11]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 15:23]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 15:23]
.
2012-08-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-08-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-08-22 c:\windows\Tasks\RGames Updater.job
- c:\users\FabFrommFamily\AppData\Local\RivalGaming\Updater.exe [2012-08-07 13:38]
.
2012-08-23 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task dd4ca465-1386-4d51-8bdf-6edab67a1ec4.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-08-23 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f1550eca-662b-4fb5-9390-9723ac7b6bd6.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-08-26 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"combofix"="c:\combofix\CF29688.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"="c:\combofix\CF29688.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
FF - ProfilePath - c:\users\FabFrommFamily\AppData\Roaming\Mozilla\Firefox\Profiles\2oss947h.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - 28164389-3bd8-47ec-b28f-095faa61849e
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,easyinline,trafficvanceads
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - (no file)
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-Locked - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-DefaultTab - c:\users\FabFrommFamily\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.91\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.15.91\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\MiscStatus\1]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus\1]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-26 17:30:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-26 22:30
.
Pre-Run: 1,794,406,866,944 bytes free
Post-Run: 1,794,610,548,736 bytes free
.
- - End Of File - - 44C48B3CDF8FE9D8029AA37F4C8EF7FE

thwhite70

Newbie Surfer

Posts : 31
Joined : 2012-08-23
Operating System : Windows 7

Re: Infected by iliti virus & possible others...

Post by Superdave on Mon 27 Aug 2012, 10:26 am

Please download Rooter and save it to your desktop.

  • Double-click it to start the tool. On Vista and Windows 7, run it as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Re: Infected by iliti virus & possible others...

Post by thwhite70 on Mon 27 Aug 2012, 10:51 am

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 7 . (6.1.7601) Service Pack 1
[32_bits] - Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 9.0.8112.16421
Mozilla Firefox 14.0.1 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:1840 Go - Free:1671 Go )
D:\ [CD_Rom]
E:\ [Removable]
F:\ [Removable]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
J:\ [Fixed-FAT32] .. ( Total:93 Go - Free:24 Go )
K:\ [Removable]
.
Scan : 18:50.06
Path : C:\Virus Removal 001\Rooter.exe
User : FabFrommFamily ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ ???R?????? (384)
______ ???R?????? (500)
______ ???R?????? (528)
______ ???R?????? (548)
______ ???R?????? (584)
______ ???R?????? (628)
______ ???R?????? (648)
______ ???R?????? (656)
______ ???R?????? (756)
______ ???R?????? (828)
______ ???R?????? (904)
______ ???R?????? (940)
______ ???R?????? (996)
______ ???R?????? (160)
______ ???R?????? (368)
______ ???R?????? (652)
______ ???R?????? (1148)
______ ???R?????? (1192)
______ ???R?????? (1300)
______ ???R?????? (1420)
______ ???R?????? (1584)
______ ???R?????? (956)
______ ???R?????? (1576)
______ ???R?????? (2036)
______ C:\Virus Removal 001\Rooter.exe (1352)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:41094144)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:41943040 | Length:24387780608)
\Device\Harddisk0\Partition3 (Start_Offset:24429723648 | Length:1975968071680)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\Adobe Flash Player Updater.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
C:\Windows\Tasks\RGames Updater.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task dd4ca465-1386-4d51-8bdf-6edab67a1ec4.job
C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f1550eca-662b-4fb5-9390-9723ac7b6bd6.job
C:\Windows\Tasks\SystemToolsDailyTest.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 18:50.34
.
C:\Rooter$\Rooter_1.txt - (26/08/2012 | 18:50.34)

Re: Infected by iliti virus & possible others...

Post by thwhite70 on Mon 27 Aug 2012, 10:53 am

Also, I was not able to update Java as I'm having to work in Safe Mode & the "Windows Installer" will not run in Safe Mode. I tried working in normal Windows but both Iexplorer & Firefox are hijacked to the point where they are unusable. Cannot open any URL address at all.

Re: Infected by iliti virus & possible others...

Post by Superdave on Mon 27 Aug 2012, 12:31 pm

Please download MiniToolBox to Desktop and run it.



Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size

Click Go and copy/paste the log (Result.txt) into your next post.
**************************************************************
Please download Farbar Service Scanner and run it on the computer with the issue.

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Re: Infected by iliti virus & possible others...

Post by thwhite70 on Mon 27 Aug 2012, 12:51 pm

MiniToolBox by Farbar Version: 23-07-2012
Ran by FabFrommFamily (administrator) on 26-08-2012 at 20:49:22
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

DW1520 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected)
Broadcom NetLink (TM) Gigabit Ethernet = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Library
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 38-59-F9-BB-DB-37
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
Physical Address. . . . . . . . . : 78-2B-CB-B7-51-DF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : DW1520 Wireless-N WLAN Half-Mini Card
Physical Address. . . . . . . . . : 38-59-F9-BB-DB-37
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::25e5:8f60:f471:c188%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.120(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, August 26, 2012 5:27:38 PM
Lease Expires . . . . . . . . . . : Monday, August 27, 2012 5:29:09 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 188242425
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-0B-16-94-78-2B-CB-B7-51-DF
DNS Servers . . . . . . . . . . . : 208.180.42.68
208.180.42.100
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: rdns01.suddenlink.net
Address: 208.180.42.68

Name: google.com
Addresses: 2001:4860:4002:802::1000
74.125.227.72
74.125.227.73
74.125.227.78
74.125.227.64
74.125.227.65
74.125.227.66
74.125.227.67
74.125.227.68
74.125.227.69
74.125.227.70
74.125.227.71


Pinging google.com [74.125.227.73] with 32 bytes of data:
Reply from 74.125.227.73: bytes=32 time=49ms TTL=53
Reply from 74.125.227.73: bytes=32 time=48ms TTL=53

Ping statistics for 74.125.227.73:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 48ms, Maximum = 49ms, Average = 48ms
Server: rdns01.suddenlink.net
Address: 208.180.42.68

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=94ms TTL=48
Reply from 98.139.183.24: bytes=32 time=131ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 94ms, Maximum = 131ms, Average = 112ms
Server: rdns01.suddenlink.net
Address: 208.180.42.68

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...38 59 f9 bb db 37 ......Microsoft Virtual WiFi Miniport Adapter
12...78 2b cb b7 51 df ......Broadcom NetLink (TM) Gigabit Ethernet
11...38 59 f9 bb db 37 ......DW1520 Wireless-N WLAN Half-Mini Card
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.120 21
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.120 276
192.168.1.120 255.255.255.255 On-link 192.168.1.120 276
192.168.1.255 255.255.255.255 On-link 192.168.1.120 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.120 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.120 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::25e5:8f60:f471:c188/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/26/2012 05:29:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 05:09:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 04:57:20 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (08/26/2012 04:57:20 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
Instantiating VSS server

Error: (08/26/2012 04:57:20 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
Instantiating VSS server

Error: (08/26/2012 04:53:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 04:50:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2012 09:59:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2012 09:56:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2012 09:48:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/26/2012 05:31:19 PM) (Source: DCOM) (User: )
Description: 1084McNaiAnn{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (08/26/2012 05:29:17 PM) (Source: Service Control Manager) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (08/26/2012 05:29:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/26/2012 05:29:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/26/2012 05:29:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/26/2012 05:29:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/26/2012 05:29:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/26/2012 05:29:07 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/26/2012 05:29:03 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/26/2012 05:29:03 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (08/26/2012 05:29:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 05:09:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 04:57:20 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (08/26/2012 04:57:20 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server

Error: (08/26/2012 04:57:20 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server

Error: (08/26/2012 04:53:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 04:50:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2012 09:59:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2012 09:56:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/23/2012 09:48:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


========================= Memory info: ===================================

Percentage of memory in use: 7%
Total physical RAM: 16366.45 MB
Available physical RAM: 15065.31 MB
Total Pagefile: 32731.08 MB
Available Pagefile: 31519.17 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.67 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:1840.26 GB) (Free:1671.47 GB) NTFS
8 Drive j: () (Fixed) (Total:93.33 GB) (Free:24.57 GB) FAT32

========================= Users: ========================================

User accounts for \\LIBRARY

Administrator FabFrommFamily Guest


**** End of log ****

Re: Infected by iliti virus & possible others...

Post by thwhite70 on Mon 27 Aug 2012, 12:52 pm

Farbar Service Scanner Version: 06-08-2012
Ran by FabFrommFamily (administrator) on 26-08-2012 at 20:50:14
Running from "C:\Virus Removal 001"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Re: Infected by iliti virus & possible others...

Post by Superdave on Tue 28 Aug 2012, 6:31 am

Still having problems in Normal Mode with your browsers?
