Page 1 of 5 12345 LastLast
Results 1 to 10 of 42

Thread: The_official_survey pop up

  1. #1
    Junior Member
    Join Date
    Jun 2013
    Posts
    22

    Default The_official_survey pop up

    Hello,
    I have been a persistent pop up from the-official-survey.com. I alter itself to whichever site I have linked to. Running Spybot doesn't help.

    DDS.txt:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.17.2
    Run by Tom at 16:54:01 on 2013-06-25
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4063.1423 [GMT -4:00]
    .
    AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exeaswMBR_25_06_2013.txtAttach_25_06_2013.zip
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
    C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
    C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
    C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
    C:\Windows\system32\DRIVERS\xaudio64.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files (x86)\WinZip\WZQKPICK.EXE
    C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe
    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\Apvfb.exe
    C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
    C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files (x86)\WinZip\WZQKPICK.EXE
    C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe
    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\Apvfb.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files (x86)\AVG\AVG2013\avgcsrvx.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ca/ig?brand=SNNT&bmod=SNNT
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
    uDefault_Search_URL = hxxp://www.google.com/ie
    uProxyServer = hxxp=127.0.0.1:5555
    uProxyOverride = <local>;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    mWinlogon: Userinit = userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Playtopus Games: {8EBA1B69-99D8-4135-BD43-729BA79D5CC4} - C:\Users\Tom\AppData\Local\Playtopus\Playtopus.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
    TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
    TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [HP Officejet 4620 series (NET)] "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN32H230VF05RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1
    uRun: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [NokiaInternetModem_AppStart.exe] "C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe" "-start" "C:\Program Files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem.exe"
    mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun: [RogersServicepointAgent.exe] "C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" /AUTORUN
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    StartupFolder: C:\Users\Tom\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    TCP: NameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{490893E7-3B83-466D-8ADD-E91F526A37A6} : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{490893E7-3B83-466D-8ADD-E91F526A37A6}\4516C6C60596E656 : DHCPNameServer = 64.71.255.204 64.71.255.198
    TCP: Interfaces\{490893E7-3B83-466D-8ADD-E91F526A37A6}\C45736B6973456461627 : DHCPNameServer = 64.71.255.204 64.71.255.198
    TCP: Interfaces\{490893E7-3B83-466D-8ADD-E91F526A37A6}\C45736B6973456461627D27657563747 : DHCPNameServer = 64.71.255.198
    TCP: Interfaces\{D8C66690-0689-439D-B5E1-88727E74FD60} : DHCPNameServer = 64.71.255.198 64.71.255.253
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
    Notify: VESWinlogon - VESWinlogon.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    IFEO: msoxmled.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    IFEO: mspview.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    IFEO: mstore.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    IFEO: vaiocare.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    IFEO: visio.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-IFEO: msoxmled.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    x64-IFEO: mspview.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    x64-IFEO: mstore.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    x64-IFEO: vaiocare.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    x64-IFEO: visio.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
    .
    Note: multiple IFEO entries found. Please refer to Attach.txt
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yvjcv2ca.default\
    FF - prefs.js: browser.startup.homepage - hxxp://ca.my.yahoo.com/
    FF - prefs.js: network.proxy.type - 4
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - component: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yvjcv2ca.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
    FF - component: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yvjcv2ca.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
    FF - component: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yvjcv2ca.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\nprpspa.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    FF - plugin: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yvjcv2ca.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
    FF - plugin: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yvjcv2ca.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll
    FF - plugin: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yvjcv2ca.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\npConduitFirefoxPlugin.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-06-15 10:47; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - ExtSQL: 2013-06-21 10:19; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF - ExtSQL: !HIDDEN! 2010-02-21 13:03; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - ExtSQL: !HIDDEN! 2010-02-21 13:09; {20a82645-c095-46ed-80e3-08825760534b}; C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.autoDisableScopes - 0
    FF - user.js: extensions.shownSelectionUI - true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-5-20 55280]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-28 45856]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-2-21 203264]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
    R2 L4301_Solar;Logitech Solar Keyboard Service;C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [2010-10-26 403536]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
    R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2010-2-21 189984]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-6-24 1153368]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-8 2028864]
    R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-5-20 104960]
    R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-5-20 1015984]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-5-20 19968]
    R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
    R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-4-23 36392]
    R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2010-2-21 5435904]
    R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2007-8-3 11392]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-5-18 11856]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate1c9d948b3cbde68;Google Update Service (gupdate1c9d948b3cbde68);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-5-20 133104]
    S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
    S3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-4-23 300032]
    S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2011-5-17 44480]
    S3 nokia_cs1x_cdc_acm;Nokia Internet Stick CDC-ACM driver;C:\Windows\System32\drivers\nokia_cs1x_cdc_acm.sys [2010-4-22 98304]
    S3 nokia_cs1x_cdc_ecm;nokia_cs1x_cdc_ecm;C:\Windows\System32\drivers\nokia_cs1x_cdc_ecm.sys [2010-4-22 53760]
    S3 nokia_cs1x_cpo;Nokia Internet Stick Mass Storage Device;C:\Windows\System32\drivers\nokia_cs1x_cpo.sys [2010-4-22 13824]
    S3 nokia_cs1x_dc_enum;Nokia Internet Stick DC Enumerator;C:\Windows\System32\drivers\nokia_cs1x_dc_enum.sys [2010-4-22 97280]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-13 19456]
    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-13 57856]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-5-20 394536]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-5-20 110376]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-19 1255736]
    S4 RogersUpdateManager;Rogers Update Manager;C:\Program Files (x86)\Rogers\Update Manager\RogersUpdateManager.exe [2010-6-3 163840]
    S4 SampleCollector;Intel(R) Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-2-21 167424]
    S4 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-2-21 120104]
    S4 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2010-2-21 70952]
    S4 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-2-21 427304]
    S4 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-2-21 75048]
    S4 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2010-2-21 91432]
    S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]
    .
    =============== File Associations ===============
    .
    ShellExec: VCExporterLaunch.exe: open="C:\Program Files (x86)\Sony\VAIO VP Utilities\VCELaunch.exe" "%1"
    .
    =============== Created Last 30 ================
    .
    2013-06-24 14:13:03 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-06-24 14:13:03 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2013-06-21 14:21:32 -------- d-----w- C:\Users\Tom\AppData\Roaming\RealNetworks
    2013-06-21 14:19:19 -------- d-----w- C:\ProgramData\RealNetworks
    2013-06-21 14:19:19 -------- d-----w- C:\Program Files (x86)\RealNetworks
    2013-06-21 14:18:51 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
    2013-06-15 14:45:36 -------- d-----w- C:\Users\Tom\AppData\Roaming\1O1L1I1PtF1F1C1N
    2013-06-12 13:28:22 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2013-06-12 13:27:57 1887232 ----a-w- C:\Windows\System32\d3d11.dll
    2013-06-12 13:27:56 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
    2013-06-09 23:39:16 -------- d-----w- C:\Program Files\iPod
    2013-06-09 23:39:15 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-06-09 23:39:15 -------- d-----w- C:\Program Files\iTunes
    2013-06-09 23:39:15 -------- d-----w- C:\Program Files (x86)\iTunes
    2013-06-03 15:33:03 -------- d-----w- C:\ProgramData\Visan
    2013-06-03 15:33:03 -------- d-----w- C:\ProgramData\HP Photo Creations
    2013-06-03 15:33:03 -------- d-----w- C:\Program Files (x86)\HP Photo Creations
    2013-05-27 00:27:58 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
    2013-05-27 00:27:58 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
    2013-05-27 00:27:58 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
    2013-05-27 00:27:58 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
    2013-05-27 00:27:58 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
    2013-05-27 00:27:58 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    2013-05-27 00:27:57 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    2013-05-27 00:27:57 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    2013-05-27 00:27:57 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    2013-05-27 00:27:57 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    .
    ==================== Find3M ====================
    .
    2013-06-21 14:18:29 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2013-06-21 14:18:29 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2013-06-12 18:18:26 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-12 18:18:26 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-05-21 00:30:17 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
    2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
    2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
    2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
    2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
    2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
    2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
    2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
    2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-05-01 07:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2013-05-01 07:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2013-03-29 06:53:48 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    .
    ============= FINISH: 16:54:49.75 ===============


    Hope you can help,

    Thanks,

    Tom

  2. #2
    Malware Team
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    139

    Default The_official_survey pop up

    Hello, warsawtom. Welcome to Safer Networking Forums.

    My name is fbfbfb. I will gladly assist you with your concerns.

    Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This may cause a delay, but I will do my best to keep it as short as possible.

    I am checking over your HJT log now, and I will post back shortly with instructions.

    While working to resolve the issues with your machine, please follow these guidelines:
    • Please be patient. Logs are lengthy and can take time to analyze.
    • Read and follow my directions carefully, in the sequence they are posted.
    • If you are unsure about anything, please ask for clarification before continuing.
    • Use only those tools that you have been directed to use.
    • Do not install or uninstall any applications or run any other scans without being directed to do so.
    • Copy and Paste the log files inside your post. Do not send them as attachments unless otherwise instructed.
    • Stay with me until your machine has been deemed all clear.
    • Please reply within 3 days of each posting to avoid closing this topic. If you need more time to complete tasks, or if you will be away, please let me know in advance.

  3. #3
    Malware Team
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    139

    Default The_official_survey pop up

    Hello, warsawtom.

    Thank you for the DDS and aswMBR logs. Please let me know if you installed the following programs, or if they were installed without your permission:

    • Advertising Center
    • Market Research

    Please run the following scans

    1. ComboFix

    Note: Before you begin, please read through these instructions completely, noting all important messages and warnings.
    • Please download ComboFix from HERE or HERE.

    Very Important! Save ComboFix.exe to to your Desktop.
    • Close all browsers.
    • Disable your AntiVirus and AntiSpyware applications as they can interfere with running ComboFix. To disable any security programs:
    • Right click on the System Tray icon, or
    • Refer to this link HERE for further assistance.
    • Double click on ComboFix.exe and follow the prompts.
    • When finished, ComboFix will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    Warnings:
    • Do not mouse-click on ComboFix's window while it is running. This may cause it to stall.
    • Do not re-run ComboFix. If problems occur with the installation or running of ComboFix, please reply back for further instructions.
    • Do not attempt to surf the internet while ComboFix is scanning.
    Note: If there is no internet connection after running ComboFix, reboot your computer to restore the connection.

    Very Important! Make sure you re-enable your security programs when ComboFix is finished.

    2. Security Check

    Please download Security Check from HERE or HERE.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt. This may take a few minutes.

    Please copy and paste the contents of that document into your next reply.

  4. #4
    Junior Member
    Join Date
    Jun 2013
    Posts
    22

    Default

    "Hi fbfbfb,
    I have replied to your last post, including the logs you have requested. Can you confirm that you have received these ? I'm not sure if I should see my reply in the thread...
    Thanks,"

    Quote Originally Posted by fbfbfb View Post
    Hello, warsawtom.

    Thank you for the DDS and aswMBR logs. Please let me know if you installed the following programs, or if they were installed without your permission:

    • Advertising Center
    • Market Research

    Please run the following scans

    1. ComboFix

    Note: Before you begin, please read through these instructions completely, noting all important messages and warnings.
    • Please download ComboFix from HERE or HERE.

    Very Important! Save ComboFix.exe to to your Desktop.
    • Close all browsers.
    • Disable your AntiVirus and AntiSpyware applications as they can interfere with running ComboFix. To disable any security programs:
    • Right click on the System Tray icon, or
    • Refer to this link HERE for further assistance.
    • Double click on ComboFix.exe and follow the prompts.
    • When finished, ComboFix will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    Warnings:
    • Do not mouse-click on ComboFix's window while it is running. This may cause it to stall.
    • Do not re-run ComboFix. If problems occur with the installation or running of ComboFix, please reply back for further instructions.
    • Do not attempt to surf the internet while ComboFix is scanning.
    Note: If there is no internet connection after running ComboFix, reboot your computer to restore the connection.

    Very Important! Make sure you re-enable your security programs when ComboFix is finished.

    2. Security Check

    Please download Security Check from HERE or HERE.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt. This may take a few minutes.

    Please copy and paste the contents of that document into your next reply.

  5. #5
    Junior Member
    Join Date
    Jun 2013
    Posts
    22

    Default

    "Hi fbfbfb again,
    It seems that my reply wasn't posted properly, so here it is again:

    I have not knowingly installed Advertising Center or Market Research programs.

    ComboFix log:

    ComboFix 13-06-30.01 - Tom 01/07/2013 20:09:39.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4063.2199 [GMT -4:00]
    Running from: c:\users\Tom\Desktop\Recovery-Analysis\ComboFix.exe
    AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Roaming
    c:\users\Tom\AppData\Local\Playtopus\PlAYtopus.dll
    c:\users\Tom\GoToAssistDownloadHelper.exe
    c:\windows\SysWow64\system
    c:\windows\wininit.ini
    .
    c:\windows\SysWow64\drivers\ntfs.sys . . . is infected!!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-06-02 to 2013-07-02 )))))))))))))))))))))))))))))))
    .
    .
    2013-07-02 01:29 . 2013-07-02 01:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-07-01 20:55 . 2013-07-01 20:54 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-07-01 20:47 . 2013-07-01 20:47 -------- d-----w- c:\programdata\McAfee
    2013-06-25 20:50 . 2013-06-25 20:50 -------- d-----w- c:\program files (x86)\ERUNT
    2013-06-24 15:17 . 2013-06-24 15:17 -------- d-----w- c:\users\Administrator
    2013-06-24 14:13 . 2013-06-25 01:07 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2013-06-24 14:13 . 2013-06-24 14:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-06-21 14:21 . 2013-06-21 14:21 -------- d-----w- c:\users\Tom\AppData\Roaming\RealNetworks
    2013-06-21 14:19 . 2013-06-21 14:19 -------- d-----w- c:\program files (x86)\RealNetworks
    2013-06-21 14:19 . 2013-06-21 14:19 -------- d-----w- c:\programdata\RealNetworks
    2013-06-21 14:18 . 2013-06-21 14:18 -------- d-----w- c:\program files (x86)\Common Files\xing shared
    2013-06-15 14:45 . 2013-06-15 14:45 -------- d-----w- c:\users\Tom\AppData\Roaming\1O1L1I1PtF1F1C1N
    2013-06-12 13:28 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
    2013-06-12 13:27 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
    2013-06-12 13:27 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
    2013-06-09 23:39 . 2013-06-09 23:39 -------- d-----w- c:\program files\iPod
    2013-06-09 23:39 . 2013-06-09 23:39 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-06-09 23:39 . 2013-06-09 23:39 -------- d-----w- c:\program files\iTunes
    2013-06-09 23:39 . 2013-06-09 23:39 -------- d-----w- c:\program files (x86)\iTunes
    2013-06-03 15:33 . 2013-06-03 15:33 -------- d-----w- c:\programdata\Visan
    2013-06-03 15:33 . 2013-06-03 15:33 -------- d-----w- c:\programdata\HP Photo Creations
    2013-06-03 15:33 . 2013-06-03 15:33 -------- d-----w- c:\program files (x86)\HP Photo Creations
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-07-01 20:54 . 2012-10-25 22:06 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-07-01 20:54 . 2012-10-25 22:06 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-06-26 22:32 . 2012-09-29 01:26 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2013-06-21 14:18 . 2013-02-08 00:43 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2013-06-21 14:18 . 2013-02-08 00:43 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2013-06-13 22:47 . 2011-09-14 03:11 75825640 ----a-w- c:\windows\system32\MRT.exe
    2013-06-12 18:18 . 2012-03-29 20:17 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-06-12 18:18 . 2011-05-30 22:41 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-05-01 07:59 . 2013-05-01 07:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2013-05-01 07:59 . 2013-05-01 07:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2013-04-13 05:49 . 2013-05-17 21:12 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49 . 2013-05-17 21:12 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49 . 2013-05-17 21:12 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49 . 2013-05-17 21:12 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45 . 2013-05-17 21:12 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45 . 2013-05-17 21:12 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-04-12 14:45 . 2013-04-25 01:16 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-04-10 06:01 . 2013-05-17 21:12 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2013-04-10 06:01 . 2013-05-17 21:12 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-04-10 03:30 . 2013-05-17 21:12 3153920 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-03 175400]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-03 15:16 175400 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    2011-10-21 09:10 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2013-06-26 22:32 3055280 ----a-w- c:\program files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-01-03 15:16 175400 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-03 175400]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-03 175400]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll" [2013-06-26 3055280]
    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-10-21 87440]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19603048]
    "HP Officejet 4620 series (NET)"="c:\program files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
    "ANT Agent"="c:\program files (x86)\Garmin\ANT Agent\ANT Agent.exe" [2013-02-15 14731776]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "NokiaInternetModem_AppStart.exe"="c:\program files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe" [2010-11-22 137728]
    "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
    "RogersServicepointAgent.exe"="c:\program files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" [2009-02-27 3228912]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-06-26 2236080]
    "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
    "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    .
    c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-6-5 27370808]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-2 1076264]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-4 1148944]
    WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2008-9-10 525664]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2009-07-14 16:15 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
    .
    R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys;c:\windows\SYSNATIVE\DRIVERS\Lbd.sys [x]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
    R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 gupdate1c9d948b3cbde68;Google Update Service (gupdate1c9d948b3cbde68);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
    R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
    R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
    R3 nokia_cs1x_cdc_acm;Nokia Internet Stick CDC-ACM driver;c:\windows\system32\DRIVERS\nokia_cs1x_cdc_acm.sys;c:\windows\SYSNATIVE\DRIVERS\nokia_cs1x_cdc_acm.sys [x]
    R3 nokia_cs1x_cdc_ecm;nokia_cs1x_cdc_ecm;c:\windows\system32\DRIVERS\nokia_cs1x_cdc_ecm.sys;c:\windows\SYSNATIVE\DRIVERS\nokia_cs1x_cdc_ecm.sys [x]
    R3 nokia_cs1x_cpo;Nokia Internet Stick Mass Storage Device;c:\windows\system32\DRIVERS\nokia_cs1x_cpo.sys;c:\windows\SYSNATIVE\DRIVERS\nokia_cs1x_cpo.sys [x]
    R3 nokia_cs1x_dc_enum;Nokia Internet Stick DC Enumerator;c:\windows\system32\DRIVERS\nokia_cs1x_dc_enum.sys;c:\windows\SYSNATIVE\DRIVERS\nokia_cs1x_dc_enum.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 RogersUpdateManager;Rogers Update Manager;c:\program files (x86)\Rogers\Update Manager\RogersUpdateManager.exe;c:\program files (x86)\Rogers\Update Manager\RogersUpdateManager.exe [x]
    R4 SampleCollector;Intel(R) Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe;c:\program files\Sony\VAIO Care\collsvc.exe [x]
    R4 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
    R4 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [x]
    R4 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
    R4 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
    R4 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [x]
    R4 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
    S2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe;c:\program files\Logitech\SolarApp\L4301_Solar.exe [x]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
    S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [x]
    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
    S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
    S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5v64.sys [x]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - AVGIDSEH
    *Deregistered* - AVGIDSFilter
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-06-20 22:45 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 18:18]
    .
    2013-07-01 c:\windows\Tasks\Final Media Player Update Checker.job
    - c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2013-04-28 22:24]
    .
    2013-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-20 12:44]
    .
    2013-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-20 12:44]
    .
    2013-07-02 c:\windows\Tasks\Playtopus Updater.job
    - c:\users\Tom\AppData\Local\PLAYTO~1\Updater.dll [2013-06-26 15:50]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2009-04-13 187904]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-03 7938080]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-09-03 1833504]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 134160]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.ca/ig?brand=SNNT&bmod=SNNT
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>;*.local
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
    FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yvjcv2ca.default\
    FF - prefs.js: browser.startup.homepage - hxxp://ca.my.yahoo.com/
    FF - prefs.js: network.proxy.type - 4
    FF - ExtSQL: 2013-06-15 10:47; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - ExtSQL: 2013-06-21 10:19; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF - ExtSQL: !HIDDEN! 2010-02-21 13:03; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - ExtSQL: !HIDDEN! 2010-02-21 13:09; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - user.js: extensions.autoDisableScopes - 0
    FF - user.js: extensions.shownSelectionUI - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{8EBA1B69-99D8-4135-BD43-729BA79D5CC4} - c:\users\Tom\AppData\Local\Playtopus\Playtopus.dll
    BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3800285366-3137695839-4107012604-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\781\3045020EF1922A56]
    @DACL=(02 0000)
    .
    [HKEY_USERS\S-1-5-21-3800285366-3137695839-4107012604-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Cygnus Solutions\Cygwin]
    @Class="cygnus"
    @DACL=(02 0000)
    .
    [HKEY_USERS\S-1-5-21-3800285366-3137695839-4107012604-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\ffffffff\MS0001#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}]
    @DACL=(02 0000)
    .
    [HKEY_USERS\S-1-5-21-3800285366-3137695839-4107012604-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\I.R.I.S.\DPE]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\0a\04\06\017%"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-07-01 21:35:16
    ComboFix-quarantined-files.txt 2013-07-02 01:35
    .
    Pre-Run: 179,825,070,080 bytes free
    Post-Run: 180,368,670,720 bytes free
    .
    - - End Of File - - 1F29BE5044B4451669B039F4D602539C
    A36C5E4F47E84449FF07ED3517B43A31

    Security Check log:

    Results of screen317's Security Check version 0.99.68
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 10
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG AntiVirus Free Edition 2013
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Ad-Aware
    Spybot - Search & Destroy
    TuneUp Utilities 2011
    TuneUp Utilities Language Pack (en-US)
    TuneUp Utilities 2011
    Java(TM) 6 Update 17
    Java 7 Update 25
    Java(TM) SE Runtime Environment 6
    Adobe Flash Player 11.7.700.224
    Adobe Reader XI
    Mozilla Firefox (22.0)
    Google Chrome 27.0.1453.110
    Google Chrome 27.0.1453.116
    ````````Process Check: objlist.exe by Laurent````````
    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    Spybot Teatimer.exe is disabled!
    AVG avgwdsvc.exe
    Rogers Online Protection Rogers Servicepoint Agent RogersServicepointAgent.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````


    Thanks"

    Quote Originally Posted by warsawtom View Post
    "Hi fbfbfb,
    I have replied to your last post, including the logs you have requested. Can you confirm that you have received these ? I'm not sure if I should see my reply in the thread...
    Thanks,"

  6. #6
    Malware Team
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    139

    Default The_official_survey pop up

    Hello, warsawtom.

    Yes, I have just received your ComboFix and Security Check logs. I will analyze your logs and post back to you as soon as I can. Thanks.

  7. #7
    Malware Team
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    139

    Default The_official_survey pop up

    Hello, warsawtom. Thank your or your CF and Security Check logs.

    Please run the following scans

    1. ComboFix

    Very Important!

    Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix and can cause unpredictable results.

    Please open Notepad:
    • Start > Run.
    • Type notepad in the Open field
    • Click OK.
    • Copy and paste the text inside the code box below:

    Code:
    KillAll::
    
    ClearJavaCache::
    
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    • Save this as CFScript.txt to your desktop and change the "Save as type" to All Files.
    • Drag the CFScript.txt into ComboFix.exe as shown in the screenshot below:

    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, ComboFix will produce a log for you. Copy and paste the contents of the log in your next reply.

    WARNING
    • Do not mouse-click ComboFix's window while it is running. This may cause it to stall.
    • Do not attempt to surf the internet while ComboFix is scanning.

    Very Important! Make sure you re-enable your security programs when ComboFix is finished.

    2. AdwCleaner

    Please download AdwCleaner from HERE.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on the Delete button.
    • A logfile will automatically open after the scan has finished.
    • You can also find the logfile at C:\AdwCleaner[S1].txt.
    Copy and paste the adwcleaner.txt report into your next reply.

    3. Junkware Removal Tool

    Please download Junkware Removal Tool from HERE and save it to your desktop.
    • Shutdown your antivirus to avoid any potential conflicts.
    • Right-mouse click JRT.exe and select Run as Administrator.
    • JRTwill begin to backup your registry and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, the log JRT.txt is saved on your desktop and will automatically open.
    Post the contents of JRT.txt into your next reply.

    SUMMARY: In your next reply, please post the following:
    • ComboFix log
    • adwcleaner.txt
    • JRT.txt
    • Let me know how your computer is running after the scans.

  8. #8
    Junior Member
    Join Date
    Jun 2013
    Posts
    22

    Default

    "Hi fbfbfb, I have run the scans as per instructions. The pop-up still happens. In fact it just happened on the SpyBot page.
    Here are the logs. When I try to put all 3 logs in the same reply, I get an error, telling me that the reply is too large. So, I will send the in 2 separate replys:

    ComboFix log:

    ComboFix 13-06-30.01 - Tom 03/07/2013 10:58:36.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4063.2039 [GMT -4:00]
    Running from: c:\users\Tom\Desktop\Recovery-Analysis\ComboFix.exe
    Command switches used :: c:\users\Tom\Desktop\Recovery-Analysis\CFScript.txt
    AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-06-03 to 2013-07-03 )))))))))))))))))))))))))))))))
    .
    .
    2013-07-03 15:06 . 2013-07-03 15:06 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-07-01 20:55 . 2013-07-01 20:54 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-07-01 20:47 . 2013-07-01 20:47 -------- d-----w- c:\programdata\McAfee
    2013-06-25 20:50 . 2013-06-25 20:50 -------- d-----w- c:\program files (x86)\ERUNT
    2013-06-24 15:17 . 2013-06-24 15:17 -------- d-----w- c:\users\Administrator
    2013-06-24 14:13 . 2013-06-25 01:07 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2013-06-24 14:13 . 2013-06-24 14:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-06-21 14:21 . 2013-06-21 14:21 -------- d-----w- c:\users\Tom\AppData\Roaming\RealNetworks
    2013-06-21 14:19 . 2013-06-21 14:19 -------- d-----w- c:\program files (x86)\RealNetworks
    2013-06-21 14:19 . 2013-06-21 14:19 -------- d-----w- c:\programdata\RealNetworks
    2013-06-21 14:18 . 2013-06-21 14:18 -------- d-----w- c:\program files (x86)\Common Files\xing shared
    2013-06-15 14:45 . 2013-06-15 14:45 -------- d-----w- c:\users\Tom\AppData\Roaming\1O1L1I1PtF1F1C1N
    2013-06-12 13:28 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
    2013-06-12 13:27 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
    2013-06-12 13:27 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
    2013-06-09 23:39 . 2013-06-09 23:39 -------- d-----w- c:\program files\iPod
    2013-06-09 23:39 . 2013-06-09 23:39 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-06-09 23:39 . 2013-06-09 23:39 -------- d-----w- c:\program files\iTunes
    2013-06-09 23:39 . 2013-06-09 23:39 -------- d-----w- c:\program files (x86)\iTunes
    2013-06-03 15:33 . 2013-06-03 15:33 -------- d-----w- c:\programdata\Visan
    2013-06-03 15:33 . 2013-06-03 15:33 -------- d-----w- c:\programdata\HP Photo Creations
    2013-06-03 15:33 . 2013-06-03 15:33 -------- d-----w- c:\program files (x86)\HP Photo Creations
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-07-01 20:54 . 2012-10-25 22:06 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-07-01 20:54 . 2012-10-25 22:06 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-06-26 22:32 . 2012-09-29 01:26 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2013-06-21 14:18 . 2013-02-08 00:43 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2013-06-21 14:18 . 2013-02-08 00:43 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2013-06-13 22:47 . 2011-09-14 03:11 75825640 ----a-w- c:\windows\system32\MRT.exe
    2013-06-12 18:18 . 2012-03-29 20:17 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-06-12 18:18 . 2011-05-30 22:41 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-05-01 07:59 . 2013-05-01 07:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2013-05-01 07:59 . 2013-05-01 07:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2013-04-13 05:49 . 2013-05-17 21:12 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49 . 2013-05-17 21:12 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49 . 2013-05-17 21:12 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49 . 2013-05-17 21:12 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45 . 2013-05-17 21:12 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45 . 2013-05-17 21:12 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-04-12 14:45 . 2013-04-25 01:16 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-04-10 06:01 . 2013-05-17 21:12 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2013-04-10 06:01 . 2013-05-17 21:12 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-04-10 03:30 . 2013-05-17 21:12 3153920 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-03 175400]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-01-03 15:16 175400 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    2011-10-21 09:10 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8EBA1B69-99D8-4135-BD43-729BA79D5CC4}]
    c:\users\Tom\AppData\Local\Playtopus\Playtopus.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2013-06-26 22:32 3055280 ----a-w- c:\program files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-01-03 15:16 175400 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    c:\program files (x86)\Ask.com\GenericAskToolbar.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-03 175400]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-03 175400]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll" [2013-06-26 3055280]
    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2011-10-21 87440]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [BU]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19603048]
    "HP Officejet 4620 series (NET)"="c:\program files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
    "ANT Agent"="c:\program files (x86)\Garmin\ANT Agent\ANT Agent.exe" [2013-02-15 14731776]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "NokiaInternetModem_AppStart.exe"="c:\program files (x86)\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe" [2010-11-22 137728]
    "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
    "RogersServicepointAgent.exe"="c:\program files (x86)\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgent.exe" [2009-02-27 3228912]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-06-26 2236080]
    "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
    "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
    .
    c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-6-5 27370808]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-2 1076264]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-4 1148944]
    WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2008-9-10 525664]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2009-07-14 16:15 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
    .
    R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys;c:\windows\SYSNATIVE\DRIVERS\Lbd.sys [x]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 gupdate1c9d948b3cbde68;Google Update Service (gupdate1c9d948b3cbde68);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
    R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
    R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
    R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
    R3 nokia_cs1x_cdc_acm;Nokia Internet Stick CDC-ACM driver;c:\windows\system32\DRIVERS\nokia_cs1x_cdc_acm.sys;c:\windows\SYSNATIVE\DRIVERS\nokia_cs1x_cdc_acm.sys [x]
    R3 nokia_cs1x_cdc_ecm;nokia_cs1x_cdc_ecm;c:\windows\system32\DRIVERS\nokia_cs1x_cdc_ecm.sys;c:\windows\SYSNATIVE\DRIVERS\nokia_cs1x_cdc_ecm.sys [x]
    R3 nokia_cs1x_cpo;Nokia Internet Stick Mass Storage Device;c:\windows\system32\DRIVERS\nokia_cs1x_cpo.sys;c:\windows\SYSNATIVE\DRIVERS\nokia_cs1x_cpo.sys [x]
    R3 nokia_cs1x_dc_enum;Nokia Internet Stick DC Enumerator;c:\windows\system32\DRIVERS\nokia_cs1x_dc_enum.sys;c:\windows\SYSNATIVE\DRIVERS\nokia_cs1x_dc_enum.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 RogersUpdateManager;Rogers Update Manager;c:\program files (x86)\Rogers\Update Manager\RogersUpdateManager.exe;c:\program files (x86)\Rogers\Update Manager\RogersUpdateManager.exe [x]
    R4 SampleCollector;Intel(R) Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe;c:\program files\Sony\VAIO Care\collsvc.exe [x]
    R4 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
    R4 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [x]
    R4 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
    R4 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
    R4 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [x]
    R4 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
    S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
    S2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe;c:\program files\Logitech\SolarApp\L4301_Solar.exe [x]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
    S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [x]
    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
    S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5v64.sys [x]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - AVGIDSEH
    *Deregistered* - AVGIDSFilter
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-06-20 22:45 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 18:18]
    .
    2013-07-03 c:\windows\Tasks\Final Media Player Update Checker.job
    - c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2013-04-28 22:24]
    .
    2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-20 12:44]
    .
    2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-20 12:44]
    .
    2013-07-03 c:\windows\Tasks\Playtopus Updater.job
    - c:\users\Tom\AppData\Local\PLAYTO~1\Updater.dll [2013-06-26 15:50]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2009-04-13 187904]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-03 7938080]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-09-03 1833504]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 134160]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.ca/ig?brand=SNNT&bmod=SNNT
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
    FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yvjcv2ca.default\
    FF - prefs.js: browser.startup.homepage - hxxp://ca.my.yahoo.com/
    FF - prefs.js: network.proxy.type - 4
    FF - ExtSQL: 2013-06-15 10:47; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - ExtSQL: 2013-06-21 10:19; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF - ExtSQL: !HIDDEN! 2010-02-21 13:03; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - ExtSQL: !HIDDEN! 2010-02-21 13:09; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - user.js: extensions.autoDisableScopes - 0
    FF - user.js: extensions.shownSelectionUI - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3800285366-3137695839-4107012604-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\781\3045020EF1922A56]
    @DACL=(02 0000)
    .
    [HKEY_USERS\S-1-5-21-3800285366-3137695839-4107012604-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Cygnus Solutions\Cygwin]
    @Class="cygnus"
    @DACL=(02 0000)
    .
    [HKEY_USERS\S-1-5-21-3800285366-3137695839-4107012604-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\ffffffff\MS0001#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}]
    @DACL=(02 0000)
    .
    [HKEY_USERS\S-1-5-21-3800285366-3137695839-4107012604-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\I.R.I.S.\DPE]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\0a\04\06\017%"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\SysWOW64\DllHost.exe
    c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
    c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    c:\program files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
    .
    **************************************************************************
    .
    Completion time: 2013-07-03 11:18:48 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-07-03 15:18
    ComboFix2.txt 2013-07-02 01:35
    .
    Pre-Run: 179,926,384,640 bytes free
    Post-Run: 179,464,904,704 bytes free
    .
    - - End Of File - - 870DC0E51C41513BA1215532B65D4523
    A36C5E4F47E84449FF07ED3517B43A31
    "

  9. #9
    Junior Member
    Join Date
    Jun 2013
    Posts
    22

    Default

    "Here is the rest:


    AdwCleaner Log:

    # AdwCleaner v2.304 - Logfile created 07/03/2013 at 11:44:14
    # Updated 03/07/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Tom - TK-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Tom\Desktop\Recovery-Analysis\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yvjcv2ca.default\searchplugins\Askcom.xml
    Folder Deleted : C:\Program Files (x86)\adawaretb
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\ConduitEngine
    Folder Deleted : C:\Program Files (x86)\Vuze_Remote
    Folder Deleted : C:\ProgramData\APN
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\Users\Administrator\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Administrator\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Administrator\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Tom\AppData\Local\APN
    Folder Deleted : C:\Users\Tom\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
    Folder Deleted : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Folder Deleted : C:\Users\Tom\AppData\LocalLow\adawaretb
    Folder Deleted : C:\Users\Tom\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Tom\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Tom\AppData\LocalLow\AVG Security Toolbar
    Folder Deleted : C:\Users\Tom\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Tom\AppData\LocalLow\ConduitEngine
    Folder Deleted : C:\Users\Tom\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Tom\AppData\LocalLow\Vuze_Remote
    Folder Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yvjcv2ca.default\adawaretb
    Folder Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yvjcv2ca.default\CT2504091
    Folder Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yvjcv2ca.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
    Folder Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yvjcv2ca.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    Folder Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yvjcv2ca.default\extensions\avg@toolbar
    Folder Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yvjcv2ca.default\extensions\toolbar@ask.com
    Folder Deleted : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yvjcv2ca.default\Smartbar
    Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN
    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\Software\APN
    Key Deleted : HKLM\Software\AskToolbar
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
    Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
    Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\conduitEngine
    Key Deleted : HKLM\Software\DeviceVM
    Key Deleted : HKLM\Software\InstallIQ
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEBBC339-61EC-4AEC-ADF1-C54BFEF75273}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\Software\Vuze_Remote
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BEBBC339-61EC-4AEC-ADF1-C54BFEF75273}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3E9E52A0-B53A-4E7E-97FC-90DF9A282B23}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63D03035-206A-4F9A-8065-FB9891D3057B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D4F18862-85A3-4674-BE31-D4F2099EC804}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16611

    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={E9050563-9B82-4072-9CFC-7ED5474789BE}&mid=b84741e069e1796bbce9410c40d7cdce-ea2609289a9aa147edfc56448c026736b64ce013&lang=en&ds=AVG&pr=fr&d=2011-11-15 18:44:36&v=9.0.0.22&sap=nt --> hxxp://www.google.com

    -\\ Mozilla Firefox v22.0 (en-US)

    File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yvjcv2ca.default\prefs.js

    C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yvjcv2ca.default\user.js ... Deleted !

    Deleted : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Deleted : user_pref("CT2504091.CTID", "CT2504091");
    Deleted : user_pref("CT2504091.CurrentServerDate", "9-2-2011");
    Deleted : user_pref("CT2504091.DialogsAlignMode", "LTR");
    Deleted : user_pref("CT2504091.DownloadReferralCookieData", "");
    Deleted : user_pref("CT2504091.EMailNotifierPollDate", "Tue Feb 08 2011 22:47:32 GMT-0500 (Eastern Standard Ti[...]
    Deleted : user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT2504091.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
    Deleted : user_pref("CT2504091.FeedLastCount129079840422964131", 10);
    Deleted : user_pref("CT2504091.FeedPollDate128891351169457140", "Tue Feb 08 2011 22:37:33 GMT-0500 (Eastern St[...]
    Deleted : user_pref("CT2504091.FeedPollDate129079840422964131", "Tue Feb 08 2011 22:37:33 GMT-0500 (Eastern St[...]
    Deleted : user_pref("CT2504091.FeedTTL128891351169457140", 40);
    Deleted : user_pref("CT2504091.FirstServerDate", "8-2-2011");
    Deleted : user_pref("CT2504091.FirstTime", true);
    Deleted : user_pref("CT2504091.FirstTimeFF3", true);
    Deleted : user_pref("CT2504091.FirstTimeSettingsDone", true);
    Deleted : user_pref("CT2504091.FixPageNotFoundErrors", true);
    Deleted : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
    Deleted : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Deleted : user_pref("CT2504091.Initialize", true);
    Deleted : user_pref("CT2504091.InitializeCommonPrefs", true);
    Deleted : user_pref("CT2504091.InstallationAndCookieDataSentCount", 2);
    Deleted : user_pref("CT2504091.InstallationType", "UnknownIntegration");
    Deleted : user_pref("CT2504091.InstalledDate", "Mon Feb 07 2011 20:24:11 GMT-0500 (Eastern Standard Time)");
    Deleted : user_pref("CT2504091.IsGrouping", false);
    Deleted : user_pref("CT2504091.IsMulticommunity", false);
    Deleted : user_pref("CT2504091.IsOpenThankYouPage", false);
    Deleted : user_pref("CT2504091.IsOpenUninstallPage", false);
    Deleted : user_pref("CT2504091.LAST_CLIENT_STATS_SUBMIT_2.enc", "MTM3MDIxNzI3Ng==");
    Deleted : user_pref("CT2504091.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc", "MTM3MDQ0MDYyMA==");
    Deleted : user_pref("CT2504091.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MTU=");
    Deleted : user_pref("CT2504091.LOCAL_COOKIE_STATS_STATS_SITE_NEW.enc", "MA==");
    Deleted : user_pref("CT2504091.LOCAL_COOKIE_STATS_STATS_SITE_NOT_SUPPORTED.enc", "MA==");
    Deleted : user_pref("CT2504091.LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MTg=");
    Deleted : user_pref("CT2504091.LOCAL_COOKIE_STATS_STATS_USE_HISTORY.enc", "MA==");
    Deleted : user_pref("CT2504091.LOCAL_COOKIE_STATS_STATS_USE_POP.enc", "MA==");
    Deleted : user_pref("CT2504091.LOCAL_COOKIE_STATS_STATS_USE_RELATED.enc", "MA==");
    Deleted : user_pref("CT2504091.LOCAL_COOKIE_STATS_STATS_USE_TYPED.enc", "MA==");
    Deleted : user_pref("CT2504091.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.[...]
    Deleted : user_pref("CT2504091.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.e[...]
    Deleted : user_pref("CT2504091.LOCAL_COOKIE_THROTTLE_BASEadd_stats|LOCAL_COOKIE_STATS_STATS_USE_RELATED.enc", [...]
    Deleted : user_pref("CT2504091.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=dan%20br[...]
    Deleted : user_pref("CT2504091.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=the%20ki[...]
    Deleted : user_pref("CT2504091.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=underage[...]
    Deleted : user_pref("CT2504091.LanguagePackLastCheckTime", "Tue Feb 08 2011 22:37:33 GMT-0500 (Eastern Standar[...]
    Deleted : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
    Deleted : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Deleted : user_pref("CT2504091.LastLogin_2.7.2.0", "Tue Feb 08 2011 22:37:33 GMT-0500 (Eastern Standard Time)"[...]
    Deleted : user_pref("CT2504091.LatestVersion", "2.7.2.0");
    Deleted : user_pref("CT2504091.Locale", "en-us");
    Deleted : user_pref("CT2504091.LoginCache", 4);
    Deleted : user_pref("CT2504091.LoginRevertSettingsEnabled", true);
    Deleted : user_pref("CT2504091.MCDetectTooltipHeight", "83");
    Deleted : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Deleted : user_pref("CT2504091.MCDetectTooltipWidth", "295");
    Deleted : user_pref("CT2504091.PG_ENABLE", "ZmFsc2U=");
    Deleted : user_pref("CT2504091.PG_ENABLE.enc", "ZmFsc2U=");
    Deleted : user_pref("CT2504091.SEARCH_BOX_CNT.enc", "Mw==");
    Deleted : user_pref("CT2504091.SF_JUST_INSTALLED.enc", "RkFMU0U=");
    Deleted : user_pref("CT2504091.SF_STATUS.enc", "RU5BQkxFRA==");
    Deleted : user_pref("CT2504091.SF_USER_ID.enc", "Y2lkXzIyNDIwMTMyMjM5NjkxNDc1MjY=");
    Deleted : user_pref("CT2504091.SearchAppState.enc", "Mw==");
    Deleted : user_pref("CT2504091.SearchAppTracking.enc", "c2VudA==");
    Deleted : user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
    Deleted : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
    Deleted : user_pref("CT2504091.SearchInNewTabEnabled", true);
    Deleted : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
    Deleted : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Tue Feb 08 2011 22:37:32 GMT-0500 (Eastern Stand[...]
    Deleted : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Deleted : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
    Deleted : user_pref("CT2504091.SettingsCheckIntervalMin", 120);
    Deleted : user_pref("CT2504091.SettingsLastCheckTime", "Tue Feb 08 2011 22:37:32 GMT-0500 (Eastern Standard Ti[...]
    Deleted : user_pref("CT2504091.SettingsLastUpdate", "1295944923");
    Deleted : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
    Deleted : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Mon Feb 07 2011 20:24:08 GMT-0500 (Eastern Sta[...]
    Deleted : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1246790578");
    Deleted : user_pref("CT2504091.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
    Deleted : user_pref("CT2504091.UserID", "UN79953406868216731");
    Deleted : user_pref("CT2504091._key_edilia__uID.enc", "OTgzMmJhMTktNGVhNy00MDVhLWE1M2YtNDRmZmE0ZGExMzc4");
    Deleted : user_pref("CT2504091.acp_personal.appstate.enc", "ZW5hYmxl");
    Deleted : user_pref("CT2504091.addressBarTakeOverEnabledInHidden", "true");
    Deleted : user_pref("CT2504091.addressUrlXPETakeover", "true");
    Deleted : user_pref("CT2504091.alertChannelId", "897164");
    Deleted : user_pref("CT2504091.autoDisableScopes", 10);
    Deleted : user_pref("CT2504091.cb_experience_000.enc", "ODc=");
    Deleted : user_pref("CT2504091.cb_firstuse0100.enc", "MQ==");
    Deleted : user_pref("CT2504091.cb_user_id_000.enc", "Q0I1ODU5MDU4Nzk5Ml8xMzY1Mzc1NTE4OTQwX0ZpcmVmb3g=");
    Deleted : user_pref("CT2504091.cbfirsttime.enc", "U3VuIEFwciAwNyAyMDEzIDExOjIyOjU4IEdNVC0wNDAwIChFYXN0ZXJuIERh[...]
    Deleted : user_pref("CT2504091.clientLogIsEnabled", false);
    Deleted : user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
    Deleted : user_pref("CT2504091.countryCode", "CA");
    Deleted : user_pref("CT2504091.defaultSearch", "false");
    Deleted : user_pref("CT2504091.embeddedsData", "[{\"appId\":\"129079840422026594\",\"apiPermissions\":{\"cross[...]
    Deleted : user_pref("CT2504091.enableAlerts", "true");
    Deleted : user_pref("CT2504091.enableFix404ByUser", "FALSE");
    Deleted : user_pref("CT2504091.enableSearchFromAddressBar", "true");
    Deleted : user_pref("CT2504091.firstTimeDialogOpened", true);
    Deleted : user_pref("CT2504091.fixPageNotFoundError", "true");
    Deleted : user_pref("CT2504091.fixPageNotFoundErrorByUser", "true");
    Deleted : user_pref("CT2504091.fixPageNotFoundErrorInHidden", "true");
    Deleted : user_pref("CT2504091.fixUrls", true);
    Deleted : user_pref("CT2504091.fullUserID", "UN79953406868216731.UP.20130624100446");
    Deleted : user_pref("CT2504091.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES.enc",[...]
    Deleted : user_pref("CT2504091.installDate", "17/1/2013 21:26:54");
    Deleted : user_pref("CT2504091.installId", "conduitinstallerstub.exe");
    Deleted : user_pref("CT2504091.installType", "conduitnsisintegration");
    Deleted : user_pref("CT2504091.isCheckedStartAsHidden", true);
    Deleted : user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT2504091.isFirstTimeToolbarLoading", "false");
    Deleted : user_pref("CT2504091.isPerformedSmartBarTransition", "true");
    Deleted : user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Deleted : user_pref("CT2504091.keyword", "true");
    Deleted : user_pref("CT2504091.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
    Deleted : user_pref("CT2504091.lastVersion", "10.16.4.519");
    Deleted : user_pref("CT2504091.mam_gk_appStateReportTime.enc", "MTM3Mjg1NTg5Nzc3Nw==");
    Deleted : user_pref("CT2504091.mam_gk_appState_CouponBuddy.enc", "b24=");
    Deleted : user_pref("CT2504091.mam_gk_appState_Easytobook.enc", "b24=");
    Deleted : user_pref("CT2504091.mam_gk_appState_Easytobook_targeted.enc", "b24=");
    Deleted : user_pref("CT2504091.mam_gk_appState_PriceGong.enc", "b24=");
    Deleted : user_pref("CT2504091.mam_gk_appState_WindowShopper.enc", "b24=");
    Deleted : user_pref("CT2504091.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
    Deleted : user_pref("CT2504091.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
    Deleted : user_pref("CT2504091.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGF[...]
    Deleted : user_pref("CT2504091.mam_gk_currentBadgeValue.enc", "MQ==");
    Deleted : user_pref("CT2504091.mam_gk_currentVersion.enc", "MS44LjAuNA==");
    Deleted : user_pref("CT2504091.mam_gk_first_time.enc", "MQ==");
    Deleted : user_pref("CT2504091.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
    Deleted : user_pref("CT2504091.mam_gk_lastLoginTime.enc", "MTM3Mjg1NTg5NzY2NQ==");
    Deleted : user_pref("CT2504091.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
    Deleted : user_pref("CT2504091.mam_gk_newApps.enc", "W10=");
    Deleted : user_pref("CT2504091.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
    Deleted : user_pref("CT2504091.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
    Deleted : user_pref("CT2504091.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
    Deleted : user_pref("CT2504091.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
    Deleted : user_pref("CT2504091.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
    Deleted : user_pref("CT2504091.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
    Deleted : user_pref("CT2504091.mam_gk_userId.enc", "ZjI4ZWVhM2UtYWI0Yy00MzlhLWE0MmUtMDI4N2VjYWY5ZTUy");
    Deleted : user_pref("CT2504091.migrateAppsAndComponents", true);
    Deleted : user_pref("CT2504091.myStuffEnabled", true);
    Deleted : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
    Deleted : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Deleted : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
    Deleted : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Deleted : user_pref("CT2504091.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
    Deleted : user_pref("CT2504091.openThankYouPage", "false");
    Deleted : user_pref("CT2504091.openUninstallPage", "false");
    Deleted : user_pref("CT2504091.price-gong.isManagedApp", "true");
    Deleted : user_pref("CT2504091.revertSettingsEnabled", "true");
    Deleted : user_pref("CT2504091.sac-country-code.enc", "IlVTIg==");
    Deleted : user_pref("CT2504091.sac-experiments-animation.enc", "eyJuYW1lIjoiMC43NSIsInZlcnNpb24iOjN9");
    Deleted : user_pref("CT2504091.sac-experiments-hover_effect.enc", "eyJuYW1lIjoic2hvcnQiLCJ2ZXJzaW9uIjoyfQ==");
    Deleted : user_pref("CT2504091.sac-experiments-image_analysis.enc", "eyJuYW1lIjoid2l0aG91dFN1YnRpdGxlIiwidmVyc[...]
    Deleted : user_pref("CT2504091.sac-experiments-peoplebar_call_to_action.enc", "eyJuYW1lIjoiMyIsInZlcnNpb24iOjR[...]
    Deleted : user_pref("CT2504091.sac-experiments-placement.enc", "eyJuYW1lIjoid3JlY2std2lkZSIsInZlcnNpb24iOjEyfQ[...]
    Deleted : user_pref("CT2504091.sac-experiments-play_icon.enc", "eyJuYW1lIjoibm8iLCJ2ZXJzaW9uIjoyfQ==");
    Deleted : user_pref("CT2504091.sac-experiments-taboola_config.enc", "eyJuYW1lIjoiYWxsVHlwZXMiLCJ2ZXJzaW9uIjozf[...]
    Deleted : user_pref("CT2504091.sac-periodic-reports.enc", "eyJ5dHRfcGluZ18wIjpbMTM3MDQ3Mjk4MjkzMCwxNDQwMDAwMF1[...]
    Deleted : user_pref("CT2504091.sac-user-id.enc", "ImE4ZTgyMWZhLTczZTQtNGNkNS1iMWFmLTQxMDU5M2UxMTRhYiI=");
    Deleted : user_pref("CT2504091.sac-yt-first-ping.enc", "MTM3MDIxNzI3NDQ0OQ==");
    Deleted : user_pref("CT2504091.search.searchAppId", "129079840422026594");
    Deleted : user_pref("CT2504091.search.searchCount", "0");
    Deleted : user_pref("CT2504091.searchInNewTabEnabledByUser", "true");
    Deleted : user_pref("CT2504091.searchInNewTabEnabledInHidden", "true");
    Deleted : user_pref("CT2504091.searchSuggestEnabledByUser", "false");
    Deleted : user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
    Deleted : user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
    Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
    Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
    Deleted : user_pref("CT2504091.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
    Deleted : user_pref("CT2504091.serviceLayer_services_Configuration_lastUpdate", "1372865341159");
    Deleted : user_pref("CT2504091.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1372624932432");
    Deleted : user_pref("CT2504091.serviceLayer_services_appsMetadata_lastUpdate", "1372865224963");
    Deleted : user_pref("CT2504091.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1372035349680");
    Deleted : user_pref("CT2504091.serviceLayer_services_location_lastUpdate", "1371998239116");
    Deleted : user_pref("CT2504091.serviceLayer_services_login_10.14.370.524_lastUpdate", "1364335356414");
    Deleted : user_pref("CT2504091.serviceLayer_services_login_10.14.40.128_lastUpdate", "1362530020386");
    Deleted : user_pref("CT2504091.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363304345153");
    Deleted : user_pref("CT2504091.serviceLayer_services_login_10.15.0.562_lastUpdate", "1365970637964");
    Deleted : user_pref("CT2504091.serviceLayer_services_login_10.15.2.523_lastUpdate", "1368094246913");
    Deleted : user_pref("CT2504091.serviceLayer_services_login_10.16.1.521_lastUpdate", "1368621180584");
    Deleted : user_pref("CT2504091.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372041789441");
    Deleted : user_pref("CT2504091.serviceLayer_services_login_10.16.4.519_lastUpdate", "1372865341559");
    Deleted : user_pref("CT2504091.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1372035349729");
    Deleted : user_pref("CT2504091.serviceLayer_services_searchAPI_lastUpdate", "1372865341170");
    Deleted : user_pref("CT2504091.serviceLayer_services_serviceMap_lastUpdate", "1372865340686");
    Deleted : user_pref("CT2504091.serviceLayer_services_toolbarContextMenu_lastUpdate", "1372035349632");
    Deleted : user_pref("CT2504091.serviceLayer_services_toolbarSettings_lastUpdate", "1372865224911");
    Deleted : user_pref("CT2504091.serviceLayer_services_translation_lastUpdate", "1372171380653");
    Deleted : user_pref("CT2504091.settingsINI", true);
    Deleted : user_pref("CT2504091.shouldFirstTimeDialog", "false");
    Deleted : user_pref("CT2504091.showToolbarPermission", "false");
    Deleted : user_pref("CT2504091.smartbar.CTID", "CT2504091");
    Deleted : user_pref("CT2504091.smartbar.Uninstall", "0");
    Deleted : user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote ");
    Deleted : user_pref("CT2504091.startPage", "false");
    Deleted : user_pref("CT2504091.toolbarBornServerTime", "8-2-2011");
    Deleted : user_pref("CT2504091.toolbarCurrentServerTime", "3-7-2013");
    Deleted : user_pref("CT2504091.toolbarLoginClientTime", "Thu Mar 14 2013 21:12:51 GMT-0400 (Eastern Daylight T[...]
    Deleted : user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
    Deleted : user_pref("CT2504091.url_history0001.enc", "aHR0cDovL21sYi5tbGIuY29tL2hvbWUjbmV4dDo6OmNsaWNraGFuZGxl[...]
    Deleted : user_pref("CT2504091.whitelist.enc", "W3sibmFtZSI6IlRpbWUiLCJkb21haW5fcmVneCI6IiguKlxcLik/dGltZS5jb2[...]
    Deleted : user_pref("CT2504091.whitelist_ts.enc", "MTM3MDQ2NDY3OTkxMQ==");
    Deleted : user_pref("CT2504091.wreck-country-code.enc", "IlVTIg==");
    Deleted : user_pref("CT2504091.wreck-experiments-design.enc", "eyJuYW1lIjoibGlnaHQiLCJ2ZXJzaW9uIjo0fQ==");
    Deleted : user_pref("CT2504091.wreck-experiments-feed.enc", "eyJuYW1lIjoid3JlY2tBbmRUYWJvb2xhIiwidmVyc2lvbiI6M[...]
    Deleted : user_pref("CT2504091.wreck-experiments-hover_effect.enc", "eyJuYW1lIjoiaGFsZiIsInZlcnNpb24iOjF9");
    Deleted : user_pref("CT2504091.wreck-experiments-trigger.enc", "eyJuYW1lIjoieDAuNSIsInZlcnNpb24iOjF9");
    Deleted : user_pref("CT2504091.wreck-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzcwNDcyOTgyNzc2LDE0NDAwMDAwXX0="[...]
    Deleted : user_pref("CT2504091.wreck-user-id.enc", "ImZjMjM1ZDAzLTIwZGYtNGE4Ni1iYWQ3LTgzYThiZDQ0ZWYwZCI=");
    Deleted : user_pref("CT2504091_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
    Deleted : user_pref("CommunityToolbar.EngineOwner", "");
    Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "");
    Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "");
    Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
    Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
    Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "");
    Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
    Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");
    Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
    Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
    Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
    Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Apr 04 2011 23:01:34 GMT-04[...]
    Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Deleted : user_pref("CommunityToolbar.alert.locale", "en");
    Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
    Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Apr 04 2011 23:01:34 GMT-0400 (Eastern D[...]
    Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291048634");
    Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
    Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
    Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
    Deleted : user_pref("CommunityToolbar.alert.userId", "1e046701-17f1-4fe7-98d5-ccd9d164f6f6");
    Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties[...]
    Deleted : user_pref("browser.search.defaultengine", "Ask.com");
    Deleted : user_pref("browser.search.order.1", "Ask.com");
    Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
    Deleted : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
    Deleted : user_pref("extensions.asktb.apn_dbr", "cr_22.0.1229.94");
    Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
    Deleted : user_pref("extensions.asktb.cbid", "U3");
    Deleted : user_pref("extensions.asktb.config-updated", false);
    Deleted : user_pref("extensions.asktb.cr-o", "100000027cr");
    Deleted : user_pref("extensions.asktb.crumb", "2012.10.25+20.01.09-toolbar005iad-CA-TWFya2hhbSxDYW5hZGE%3D");
    Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
    Deleted : user_pref("extensions.asktb.displaybehavior", "");
    Deleted : user_pref("extensions.asktb.displaytext", "");
    Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYCA");
    Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
    Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "CAXX0273");
    Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
    Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
    Deleted : user_pref("extensions.asktb.ff19-config-first-run", "true");
    Deleted : user_pref("extensions.asktb.fresh-install", false);
    Deleted : user_pref("extensions.asktb.guid", "9A1661AA-3BF8-4B10-98D1-A3FB34A874DD");
    Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
    Deleted : user_pref("extensions.asktb.if", "su");
    Deleted : user_pref("extensions.asktb.keyword-toggled-in-session", false);
    Deleted : user_pref("extensions.asktb.l", "dis");
    Deleted : user_pref("extensions.asktb.last-config-req", "1372855889593");
    Deleted : user_pref("extensions.asktb.last-search-timestamp", "1370218703153");
    Deleted : user_pref("extensions.asktb.locale", "en_US");
    Deleted : user_pref("extensions.asktb.location", "Markham,Canada");
    Deleted : user_pref("extensions.asktb.lstation", "");
    Deleted : user_pref("extensions.asktb.new-tab-opt-out", true);
    Deleted : user_pref("extensions.asktb.news-native-on", true);
    Deleted : user_pref("extensions.asktb.o", "100000027");
    Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
    Deleted : user_pref("extensions.asktb.pstate", "");
    Deleted : user_pref("extensions.asktb.qsrc", "2871");
    Deleted : user_pref("extensions.asktb.r", "20");
    Deleted : user_pref("extensions.asktb.sa", "YES");
    Deleted : user_pref("extensions.asktb.saguid", "6AE313B8-6040-4E2E-9764-A712A97AA03D");
    Deleted : user_pref("extensions.asktb.search-history-queries", "dan brown inferno");
    Deleted : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=[...]
    Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
    Deleted : user_pref("extensions.asktb.silent-upgrade", true);
    Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
    Deleted : user_pref("extensions.asktb.socialmini-first", true);
    Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
    Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
    Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
    Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
    Deleted : user_pref("extensions.asktb.socialmini-speed", "10000");
    Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);
    Deleted : user_pref("extensions.asktb.themeid", "");
    Deleted : user_pref("extensions.asktb.timeinstalled", "04/02/2013 3:21:33 PM");
    Deleted : user_pref("extensions.asktb.to", "");
    Deleted : user_pref("extensions.asktb.v", "3.15.25.100013");
    Deleted : user_pref("extensions.asktb.version", "5.15.25.36191");
    Deleted : user_pref("extensions.asktb.volume", "");
    Deleted : user_pref("extensions.enabledAddons", "%7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4,%7B87934c42-[...]
    Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
    Deleted : user_pref("smartbar.machineId", "FQINYOGAYFXAS+QHQVXLPYIBX/ME2QVTXAF53ENLHTP0FLQ/O89P71QYMQRS+41RFJH[...]
    Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&t[...]

    -\\ Google Chrome v27.0.1453.116

    File : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.22] : icon_url = "hxxp://www.ask.com/favicon.ico",
    Deleted [l.25] : keyword = "ask.com",
    Deleted [l.29] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=9A[...]
    Deleted [l.30] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]

    File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [43621 octets] - [03/07/2013 11:44:14]

    ########## EOF - C:\AdwCleaner[S1].txt - [43682 octets] ##########


    JRT log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by Tom on 03/07/2013 at 11:55:13.08
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{53843ACC-E15F-4A71-B201-AF8B1D2B9F40}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6EA305DC-22B4-44A4-B98C-6D87CD32423B}



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Successfully deleted: [Folder] C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\yvjcv2ca.default\extensions\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
    Emptied folder: C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\yvjcv2ca.default\minidumps [200 files]



    ~~~ Chrome

    Successfully deleted: [Folder] C:\Users\Tom\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 03/07/2013 at 12:00:29.02
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Thanks"

  10. #10
    Malware Team
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    139

    Default The_official_survey pop up

    Hello, warsawtom. Thank you for your logs. Let's try to resolve the pop-up issue first:

    1. Uninstall the-official-survey.com

    • Click Start and select Control Panel.
    • When the Control Panel window opens, click on Uninstall a program found under the Programs category.
    • If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
    • Look through the list of programs for the-official-survey.com. If it is there, left-click on it once to highlight it.
    • Click on the Uninstall button.
    • When asked if you are sure you want to uninstall, click Yes.
    • The program will uninstall, and when completed you will be back at the list of programs installed on your computer.
    • When finished, close the Programs and Features screen.

    2. Remove the program from Browser

    If the-official-survey.com appears in your browsers, continue as follows:

    For Internet Explorer:

    • Open Internet Explorer.
    • Click Tools > Manage Add-ons.
    • In the Manage Add-ons window, under Add-on Types (found on left side) highlight Toolbars and Extensions.
    • Under the Show: drop-down menu (found on left side) make sure All add-ons is selected.
    • Highlight the extension (the-official-survey.com ) you wish to remove, and select Disable.
    • The Disable add-on window may pop up to warn you that related services and add-ons will also be disabled. Click Disable.
    • Click Close to dismiss the add-ons window.

    For Firefox:

    • Open Firefox.
    • Click Tools > Add-ons.
    • In the Add-ons window, under Add-on Types select Extensions.
    • Click to highlight the extension (the-official-survey.com) you wish to remove and select Disable. If you want to delete an extension entirely, click Remove.
    • The Disable add-on window may pop up to warn you that related services and add-ons will also be disabled. Click Disable.
    • Exit the Add-ons Manager window, and restart Firefox to complete the process.

    For Google Chrome

    • Open Google Chrome.
    • Click the wrench icon at the top right of the browser window.
    • Click Tools > Select Extensions to open the Options tab.
    • Uncheck Enabled to disable the extension (the-official-survey.com), or click Removeto delete it completely.

    3. Reset Your Home Page and Default Search Engine

    Removing the pop-up may have changed your browser settings (homepage, default search engines). If so, please follow the instructions found HERE.

    Please run the following scans

    1. Malwarebytes Anti-Malware

    Please download Malwarebytes from Here or Here.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan
    .




    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected .
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

    Post the report please.

    2. ESET Online Scanner

    Note:
    • Disable any antivirus program and antispyware programs to avoid conflicts.
    • Run Eset with Internet Explorer, but if using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
    • Please do not surf the internet while your security programs are disabled.
    • Let the scan run uninterrupted to avoid a stall.
    • Remember to enable your security programs when the scan has finished.

    Run ESET Online Scanner from HERE.
    • Click the green ESET Online Scanner button.
    • Read the End User License Agreement and check the box YES, I accept the Terms of Use.
    • Click on the Start button next to it.
    • If prompted, allow the Add-On/Active X to install.

    Under Computer scan settings:
    • Do not check Remove found threats
    • Check Scan Archives.
    • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
    • Click Start. ESET will download updates, install itself, and begin scanning your computer. Please be patient as this scan could take up to a few hours to complete.
    • Wait for the scan to finish. When the scan completes, click List of found threats.
    • Click Export and save the file to your desktop using a unique name, such as ESETScan.
    • Copy and paste the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.

    SUMMARY: In your next reply, please post the following:

    • MBAM log
    • ESET log
    • Let me know if you are still experiencing the survey pop-up.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •