Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
[SOLVED] Too many pops up window...please help!

11-20-2013, 07:47 PM   #1
Registered Member
 
Join Date: Jan 2011
Posts: 120
OS: xp, windows 7



Hi,

I downloaded a Windows flash media program to watch a movie, and after I downloaded the software my Chrome browser became weird... so many pop-ups, and the homepage I set won't stay. Some weird homepage became my default. Can someone please tell me what is going on with my system?

Windows 7 Pro
64-bit


Thank you in advance for everyone's help!

******

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.45.2
Run by Binh C Dinh at 22:23:59 on 2013-11-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8089.4774 [GMT -8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Users\Binh C Dinh\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\SysWOW64\srvany.exe
C:\Windows\sysWOW64\SDIOAssist.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\BuzzSearch\updateBuzzSearch.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\BuzzSearch\bin\utilBuzzSearch.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\Binh C Dinh\AppData\Local\Akamai\netsession_win.exe
C:\Users\Binh C Dinh\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Users\Binh C Dinh\AppData\Local\Akamai\netsession_win.exe
C:\ProgramData\Updater\updater.exe
C:\Users\Binh C Dinh\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Binh C Dinh\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
C:\Users\Binh C Dinh\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
C:\Users\Binh C Dinh\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\ProgramData\RHelpers\FireFoxHelper\FireFoxHelper.exe
C:\ProgramData\RHelpers\IEHelper\IeHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\Explorer.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.amazon.com/websearch/ref=bit_bds-p07_serp_ie_us_display?ie=UTF8&tagbase=bds-p07&tbrId=v1_abb-channel-7_787557525f9343a89a5624259f721e77_30_46_20131117_US_ie_sp_IS0
uWindow Title = Internet Explorer, enhanced for Bing and MSN
uDefault_Page_URL = hxxp://aartemis.com/?type=hp&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979
mStart Page = hxxp://aartemis.com/?type=hp&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979
mSearch Page = hxxp://www.aartemis.com/web/?type=ds&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979&q={searchTerms}
mDefault_Page_URL = hxxp://aartemis.com/?type=hp&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979
mDefault_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979&q={searchTerms}
mSearchAssistant = hxxp://www.aartemis.com/web/?type=ds&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979&q={searchTerms}
mCustomizeSearch = hxxp://www.aartemis.com/web/?type=ds&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979&q={searchTerms}
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: CescrtHlpr Object: {112BA211-334C-4A90-90EC-2AD1CDAB287C} - LocalServer32 - <no file>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll
BHO: SySaver: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Binh C Dinh\AppData\Local\SySaver\temp.dat
BHO: Tube Dimmer: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\TubeDimmer\IE\common.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: BuzzSearch: {5cf5a690-c8f4-488e-9d20-f21aef602d41} - C:\Program Files (x86)\BuzzSearch\BuzzSearchbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20131117104313.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Binh C Dinh\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: Re-markit: {818f6ad9-ccf9-4cbd-8e66-3c29dd13115f} - C:\Program Files (x86)\Re-markit\135.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Iminent Toolbar: {1FAFD711-ABF9-4F6A-8130-5166C7371427} - C:\Program Files (x86)\IminentToolbar\1.8.26.8\iminentTlbr.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [AdobeBridge] <no file>
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Updater] C:\ProgramData\Updater\Updater.exe
StartupFolder: C:\Users\BINHCD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Binh C Dinh\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\BINHCD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\BINHCD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PalTalk.lnk - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
StartupFolder: C:\Users\BINHCD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SEVERE~2.LNK - C:\Users\Binh C Dinh\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
StartupFolder: C:\Users\BINHCD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SEVERE~1.LNK - C:\Users\Binh C Dinh\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLSY~1.LNK - C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3C54AFA1-79FE-47C3-BFF8-D4196D9BE98E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3C54AFA1-79FE-47C3-BFF8-D4196D9BE98E}\2656C6B696E6E2565336 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{3C54AFA1-79FE-47C3-BFF8-D4196D9BE98E}\454416E676 : DHCPNameServer = 192.168.2.1 24.159.64.23 24.217.201.67 66.189.0.100
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
AppInit_DLLs= acaptuser32.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://aartemis.com/?type=hp&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979
x64-mSearch Page = hxxp://www.aartemis.com/web/?type=ds&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979&q={searchTerms}
x64-mDefault_Page_URL = hxxp://aartemis.com/?type=hp&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979
x64-mDefault_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979&q={searchTerms}
x64-mSearchAssistant = hxxp://www.aartemis.com/web/?type=ds&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979&q={searchTerms}
x64-mCustomizeSearch = hxxp://www.aartemis.com/web/?type=ds&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979&q={searchTerms}
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130505082620.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [IntelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
x64-Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Binh C Dinh\AppData\Roaming\Mozilla\Firefox\Profiles\ep446jwh.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Users\Binh C Dinh\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
FF - plugin: C:\Users\Binh C Dinh\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-11-07 15:28; [email protected]; C:\Users\Binh C Dinh\AppData\Roaming\Mozilla\Firefox\Profiles\ep446jwh.default\extensions\[email protected]
FF - ExtSQL: 2013-11-17 10:40; [email protected]; C:\Users\Binh C Dinh\AppData\Roaming\Mozilla\Firefox\Profiles\ep446jwh.default\extensions\[email protected]
FF - ExtSQL: 2013-11-17 10:43; {ad9a41d2-9a49-4fa6-a79e-71a0785364c8}; C:\Users\Binh C Dinh\AppData\Roaming\Mozilla\Firefox\Profiles\ep446jwh.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
FF - ExtSQL: 2013-11-17 11:09; {623df3f2-d573-48b5-ae59-065b433dd24a}; C:\Program Files (x86)\Re-markit\135.xpi
FF - ExtSQL: 2013-11-19 21:00; [email protected]; C:\Users\Binh C Dinh\AppData\Roaming\Mozilla\Firefox\Profiles\ep446jwh.default\extensions\[email protected]
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzz0A0C0FyEtA0B0Dzz0B0EtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1447941512&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzz0A0C0FyEtA0B0Dzz0B0EtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1447941512&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzz0A0C0FyEtA0B0Dzz0B0EtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1447941512&ir=&q=
FF - user.js: extensions.mysearchdial.id - C0CB38ACF43BD8BE
FF - user.js: extensions.mysearchdial.instlDay - 16026
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.010:29:26
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - irmsd103
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 1447941512
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1Qzu0CtD0C0BtAzz0A0C0FyEtA0B0Dzz0B0EtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R
FF - user.js: extensions.irmysearch.aflt - irmsd103
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 1447941512
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1Qzu0CtD0C0BtAzz0A0C0FyEtA0B0Dzz0B0EtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\accelern.sys [2011-7-11 27760]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2012-8-30 1109296]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-11-23 70112]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-7-11 348712]
.
=============== Created Last 30 ================
.
2013-11-20 05:01:30 -------- d-----w- C:\Users\Binh C Dinh\AppData\Local\SySaver
2013-11-17 19:53:36 75376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2013-11-17 19:53:36 272496 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll
2013-11-17 19:53:36 20080 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2013-11-17 19:17:23 -------- d-----w- C:\Program Files\Uninstaller
2013-11-17 19:15:48 -------- d-----w- C:\Users\Binh C Dinh\AppData\Roaming\OpenWebKitSharp Strings
2013-11-17 19:15:12 -------- d-----w- C:\Program Files (x86)\Olive
2013-11-17 19:10:03 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2013-11-17 19:09:12 -------- d-----w- C:\Program Files (x86)\Re-markit
2013-11-17 19:08:54 -------- d-----w- C:\Users\Binh C Dinh\AppData\Local\Weather_Notifications,_LL
2013-11-17 19:08:50 -------- d-----w- C:\Users\Binh C Dinh\AppData\Local\SevereWeatherAlerts
2013-11-17 18:56:50 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2013-11-17 18:54:27 114280 ------w- C:\Windows\SysWow64\acaptuser32.dll
2013-11-17 18:53:14 106088 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-11-17 18:45:26 -------- d-----w- C:\Program Files (x86)\IminentToolbar
2013-11-17 18:45:22 -------- d-----w- C:\Users\Binh C Dinh\AppData\Roaming\iminent
2013-11-17 18:44:59 -------- d-----w- C:\Program Files (x86)\Iminent
2013-11-17 18:43:38 -------- d-----w- C:\Program Files (x86)\Gophoto.it
2013-11-17 18:43:33 -------- d-----w- C:\Program Files (x86)\FreeHDSport TV V6.0
2013-11-17 18:43:20 -------- d-----w- C:\Program Files (x86)\ATDheNetTVApp.com
2013-11-17 18:40:36 -------- d-----w- C:\Program Files (x86)\DefaultTab
2013-11-17 18:40:31 -------- d-----w- C:\Users\Binh C Dinh\AppData\Roaming\DefaultTab
2013-11-17 18:32:45 -------- d-----w- C:\ProgramData\Updater
2013-11-17 18:32:45 -------- d-----w- C:\ProgramData\RHelpers
2013-11-17 18:32:41 -------- d-----w- C:\ProgramData\TubeDimmer
2013-11-17 18:30:24 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2013-11-17 18:30:05 -------- d-----w- C:\Users\Binh C Dinh\AppData\Local\Programs
2013-11-17 18:29:35 -------- d-----w- C:\Users\Binh C Dinh\AppData\Roaming\mysearchdial
2013-11-17 18:29:31 -------- d-----w- C:\Program Files (x86)\BuzzSearch
2013-11-14 03:52:13 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-11-14 03:51:20 -------- d-----w- C:\Program Files\iPod
2013-11-14 03:51:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-14 03:51:18 -------- d-----w- C:\Program Files\iTunes
2013-11-14 03:51:18 -------- d-----w- C:\Program Files (x86)\iTunes
2013-11-14 03:12:39 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-14 03:12:36 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-14 03:12:18 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-14 03:12:14 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-11-14 03:12:13 197120 ----a-w- C:\Windows\System32\credui.dll
2013-11-14 03:12:13 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-14 03:12:13 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-11-14 03:12:13 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-11-14 03:12:13 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-14 0335 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-11-14 0335 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-11-14 03:03:11 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-11-14 03:03:10 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-11-14 03:03:10 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-11-14 03:03:10 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-11-14 03:03:10 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-11-06 04:11:26 -------- d-----w- C:\Users\Binh C Dinh\AppData\Roaming\Paltalk
2013-11-06 04:11:21 -------- d-----w- C:\Program Files (x86)\Paltalk Messenger
2013-10-25 20:34:32 114520 ----a-w- C:\Windows\System32\Vxdif.dll
2013-10-25 20:34:30 489264 ----a-w- C:\Windows\System32\drivers\Apfiltr.sys
2013-10-23 04:47:42 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-10-23 04:47:41 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-10-23 04:47:41 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-10-23 04:47:41 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-10-23 04:47:40 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-10-23 04:47:40 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-10-23 04:47:40 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-10-23 04:16:25 -------- d--h--w- C:\Windows\msdownld.tmp
2013-10-23 04:14:13 -------- d-----w- C:\ProgramData\Oracle
2013-10-23 04:13:33 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M ====================
.
2013-10-23 03:55:46 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-23 03:55:46 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
.
============= FINISH: 22:30:24.88 ===============
Attached Files: 6_attach.zip (4.6 KB)
Posted by bcdinh
Old 11-22-2013, 02:11 AM   #2
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Hello and welcome to TSF.

Please note that more than one round may be needed to properly eradicate malware. In co-operation with the cleaning process, please:
  • do not uninstall/install any programs unless asked to do so, to make it easier on us, as it is more difficult when files/programs are appearing in/disappearing from the logs;
  • do not run any tools or scans other than those requested;
  • follow all instructions in the order they are presented;
  • if you have problems with or do not understand the instructions, ask before continuing;
  • stay with this thread until given the All Clear, as absence of symptoms does not always mean the machine is clean;
  • do not attach any logs/reports, etc., unless specifically requested to do so;
  • all logs/reports, etc., must be posted in Notepad, making sure that word wrap is unchecked (in Notepad, click Format and un-check Word Wrap if it is checked).
Also note that the forum is very busy, and if I don't hear from you within three days this thread will be closed.

====================

Please uninstall the following programs via Programs & Features in Control Panel:

BuzzSearch (see: SystemLookup - Global Search)

DefaultTab (see: SystemLookup - Global Search)

Once uninstalled, delete their associated folders, if they still exist:

C:\Program Files (x86)\BuzzSearch
C:\Program Files (x86)\DefaultTab

Press the Windows logo key and the letter R on the keyboard simultaneously to bring up the Run box. Copy/paste the following command into the Run box and press OK.

cmd /c rd /s /q "C:\Users\Binh C Dinh\AppData\Roaming\DefaultTab"

A DOS window will open and close again; this is normal.


====================

Next,
  1. Download ComboFix from here:

     https://download.bleepingcomputer.com/sUBs/ComboFix.exe

     * IMPORTANT !!! Place ComboFix.exe on your Desktop

  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

     How to Disable Your Security Applications

  3. Double click on ComboFix.exe & follow the prompts.

  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

  5. When finished, it shall produce a log for you. Post that log in your next reply.

     Note:
     Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
Posted by amateur
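The hijacked homepage and the pop-ups described in this thread come from a browser extension as much as from the two programs listed for uninstall; the ComboFix log posted later in the thread shows a Chrome extension carrying a crossriderManifest.json and a set of monetization plugin scripts (superfish, dealply, jollywallet, pops). The script below is an added example, not part of the original thread and not a ComboFix or DDS feature: it walks a Chrome profile's Extensions folder, reads each version's manifest.json, and flags extensions that carry the Crossrider framework marker, plugin scripts whose names match known ad-injection fragments, or content scripts/permissions covering every URL. The indicator lists, the sample profile it builds in a temporary directory, and the Windows profile path helper are all assumptions chosen for illustration.

```python
"""Triage a Chrome profile's Extensions folder for adware indicators.

Added example for this thread; not code from the original posts or from any
tool named in them. Indicator lists and the sample profile are constructed.
"""
import json
import os
import tempfile
from pathlib import Path

# Assumed indicators, taken from the file names seen in this thread's log.
FRAMEWORK_MARKERS = {"crossriderManifest.json"}
PLUGIN_FRAGMENTS = ("superfish", "dealply", "jollywallet", "intext", "pops", "monetization")
ALL_URL_PATTERNS = ("<all_urls>", "http://*/*", "https://*/*")


def extension_findings(ext_dir: Path) -> dict:
    """Inspect one <Extensions>/<id>/<version>/ directory and return indicators."""
    findings = {"name": None, "framework": False, "plugins": [], "all_urls": False}
    manifest = ext_dir / "manifest.json"
    if manifest.is_file():
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except ValueError:
            data = {}  # unreadable manifest: still scan the files below
        findings["name"] = data.get("name")
        perms = list(data.get("permissions", []))
        matches = [m for s in data.get("content_scripts", []) for m in s.get("matches", [])]
        findings["all_urls"] = any(p in ALL_URL_PATTERNS for p in perms + matches)
    for path in ext_dir.rglob("*"):
        if path.name in FRAMEWORK_MARKERS:
            findings["framework"] = True
        if path.suffix == ".js" and any(f in path.name.lower() for f in PLUGIN_FRAGMENTS):
            findings["plugins"].append(path.name)
    return findings


def scan_profile(extensions_root: Path) -> list:
    """Return [(extension_id, version, findings)] for suspicious extensions only."""
    flagged = []
    for ext_id_dir in sorted(p for p in extensions_root.iterdir() if p.is_dir()):
        for ver_dir in sorted(p for p in ext_id_dir.iterdir() if p.is_dir()):
            f = extension_findings(ver_dir)
            if f["framework"] or f["plugins"] or f["all_urls"]:
                flagged.append((ext_id_dir.name, ver_dir.name, f))
    return flagged


def build_sample_profile(root: Path) -> Path:
    """Construct a fake Extensions folder: one benign extension, one Crossrider-style adware."""
    ext = root / "User Data" / "Default" / "Extensions"
    benign = ext / "aaaabbbbccccddddeeeeffffgggghhhh" / "2.0_0"  # constructed id
    benign.mkdir(parents=True)
    (benign / "manifest.json").write_text(json.dumps(
        {"name": "Tab Notes", "permissions": ["storage"]}))
    bad = ext / "kjmheampjleaoikpfdkifgnbomdammdn" / "1.25.24_0"  # id from the thread's log
    (bad / "extensionData" / "plugins").mkdir(parents=True)
    (bad / "manifest.json").write_text(json.dumps({
        "name": "Media Player Helper", "permissions": ["tabs", "<all_urls>"],
        "content_scripts": [{"matches": ["http://*/*", "https://*/*"], "js": ["js/main.js"]}]}))
    (bad / "crossriderManifest.json").write_text("{}")
    for name in ("124_superfish_no_search_no_coupons_m.js", "155_ibario_pops_m.js", "17_jQuery.js"):
        (bad / "extensionData" / "plugins" / name).write_text("// constructed placeholder")
    return ext


def default_extensions_root() -> Path:
    """Assumed default Chrome profile location on Windows, for a real run."""
    return Path(os.environ.get("LOCALAPPDATA", "")) / "Google" / "Chrome" / "User Data" / "Default" / "Extensions"


def demo_scan() -> list:
    """Build the constructed profile in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_profile(build_sample_profile(Path(tmp)))


if __name__ == "__main__":
    for ext_id, version, f in demo_scan():
        print(ext_id, version, f["name"], "crossrider" if f["framework"] else "", f["plugins"])
```

Run as-is it scans the constructed profile and reports only the adware extension; pointing scan_profile at default_extensions_root() scans the live profile instead. The extension id is the thing to act on: removing its folder while Chrome is running is not enough, since Chrome's Preferences and Secure Preferences files still reference it and a sync'd profile can reinstall it, so remove it from chrome://extensions and then verify the folder is gone.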
Old 11-22-2013, 07:48 AM   #3
Registered Member
 
Join Date: Jan 2011
Posts: 120
OS: xp, windows 7



Hello amateur,

Thank you so much for getting back to me. I have followed your instructions, removed these files and ran ComboFix. Please see the attached log.

*****
ComboFix 13-11-22.01 - Binh C Dinh 11/22/2013 6:46.4.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8089.5958 [GMT -8:00]
Running from: c:\users\Binh C Dinh\Desktop\virus2\7_ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_kjmheampjleaoikpfdkifgnbomdammdn_0
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_kjmheampjleaoikpfdkifgnbomdammdn_0\6
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\background.html
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\crossriderManifest.json
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\manifest.xml
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins.json
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\1_base.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\1000020_analytics.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\1000025_analyticsFront.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\1000030_mz.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\102_dealply_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\103_intext_5_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\104_jollywallet_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\105_corticas_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\108_icm_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\119_similar_web_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\120_luck_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\123_intext_adv_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\125_arcadi2_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\126_revizer_ws_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\127_revizer_p_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\128_superfish_pricora_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\135_arcadi3_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\138_getdeal_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\142_intext_fa_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\155_ibario_pops_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\159_cortica_rollover_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\17_jQuery.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\175_coolmirage_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\180_bpo_serp_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\21_debug.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\22_resources.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\28_initializer.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\47_resources_background.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\64_appApiMessage.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\7_hooks.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\72_appApiValidation.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\9_search_engine_hook.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\userCode\background.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\userCode\extension.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\icons\actions\1.png
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\icons\icon128.png
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\icons\icon16.png
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\icons\icon48.png
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\api\chrome.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\api\cookie.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\api\message.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\api\pageAction.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\api\pageActionBG.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\background.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\app_api.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\bg_app_api.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\consts.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\cookie_store.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\crossriderAPI.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\delegate.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\events.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\extensionDataStore.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\installer.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\logFile.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\logging.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\onBGDocumentLoad.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\popupResource\newPopup.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\popupResource\popup.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\reports.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\storageWrapper.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\updateManager.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\util.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\xhr.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\main.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\manifest.json
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\popup.html
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\background.html
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\crossriderManifest.json
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\manifest.xml
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins.json
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\1_base.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\1000020_analytics.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\1000025_analyticsFront.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\1000030_mz.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\102_dealply_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\103_intext_5_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\104_jollywallet_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\105_corticas_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\108_icm_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\119_similar_web_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\120_luck_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\123_intext_adv_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\125_arcadi2_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\126_revizer_ws_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\127_revizer_p_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\128_superfish_pricora_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\135_arcadi3_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\138_getdeal_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\142_intext_fa_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\155_ibario_pops_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\159_cortica_rollover_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\17_jQuery.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\175_coolmirage_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\180_bpo_serp_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\184_noproblemppc_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\21_debug.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\22_resources.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\28_initializer.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\47_resources_background.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\64_appApiMessage.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\7_hooks.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\72_appApiValidation.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\9_search_engine_hook.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\userCode\background.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\userCode\extension.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\icons\actions\1.png
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\icons\icon128.png
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\icons\icon16.png
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\icons\icon48.png
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\api\chrome.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\api\cookie.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\api\message.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\api\pageAction.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\api\pageActionBG.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\background.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\app_api.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\bg_app_api.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\consts.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\cookie_store.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\crossriderAPI.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\delegate.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\events.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\extensionDataStore.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\installer.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\logFile.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\logging.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\onBGDocumentLoad.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\popupResource\newPopup.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\popupResource\popup.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\reports.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\storageWrapper.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\updateManager.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\util.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\xhr.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\main.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\manifest.json
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\popup.html
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmheampjleaoikpfdkifgnbomdammdn
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmheampjleaoikpfdkifgnbomdammdn\000071.ldb
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmheampjleaoikpfdkifgnbomdammdn\000073.ldb
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmheampjleaoikpfdkifgnbomdammdn\000076.ldb
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmheampjleaoikpfdkifgnbomdammdn\000077.log
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmheampjleaoikpfdkifgnbomdammdn\CURRENT
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmheampjleaoikpfdkifgnbomdammdn\LOCK
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmheampjleaoikpfdkifgnbomdammdn\LOG
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmheampjleaoikpfdkifgnbomdammdn\LOG.old
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmheampjleaoikpfdkifgnbomdammdn\MANIFEST-000075
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kjmheampjleaoikpfdkifgnbomdammdn_0.localstorage-journal
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kjmheampjleaoikpfdkifgnbomdammdn_0.localstorage
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Binh C Dinh\AppData\Local\Microsoft\Windows\Temporary Internet Files\BuzzSearch_iels
c:\users\Binh C Dinh\AppData\Local\SySaver\teMP.dat
c:\windows\SysWow64\FlashPlayerApp.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-10-22 to 2013-11-22 )))))))))))))))))))))))))))))))
.
.
2013-11-22 15:08 . 2013-11-22 15:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-11-22 15:08 . 2013-11-22 15:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-22 15:08 . 2013-11-22 15:08 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-11-20 06:25 . 2013-11-22 05:00 -------- d-----w- c:\program files (x86)\SpywareBlaster
2013-11-20 05:01 . 2013-11-22 14:59 -------- d-----w- c:\users\Binh C Dinh\AppData\Local\SySaver
2013-11-17 19:53 . 2013-11-09 22:06 75376 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2013-11-17 19:53 . 2013-11-09 22:06 272496 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll
2013-11-17 19:53 . 2013-11-09 22:06 20080 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2013-11-17 19:15 . 2013-11-17 19:15 -------- d-----w- c:\users\Binh C Dinh\AppData\Roaming\OpenWebKitSharp Strings
2013-11-17 19:10 . 2013-11-17 19:42 -------- d-----w- c:\program files (x86)\Optimizer Pro
2013-11-17 19:09 . 2013-11-17 19:09 -------- d-----w- c:\program files (x86)\Re-markit
2013-11-17 18:56 . 2009-08-20 06:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2013-11-17 18:54 . 2013-05-08 14:23 114280 ------w- c:\windows\SysWow64\acaptuser32.dll
2013-11-17 18:53 . 2013-05-08 10:12 106088 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-11-17 18:45 . 2013-11-17 18:45 -------- d-----w- c:\program files (x86)\IminentToolbar
2013-11-17 18:45 . 2013-11-17 18:50 -------- d-----w- c:\users\Binh C Dinh\AppData\Roaming\iminent
2013-11-17 18:43 . 2013-11-17 18:43 -------- d-----w- c:\program files (x86)\Gophoto.it
2013-11-17 18:43 . 2013-11-17 18:43 -------- d-----w- c:\program files (x86)\FreeHDSport TV V6.0
2013-11-17 18:43 . 2013-11-20 06:38 -------- d-----w- c:\program files (x86)\ATDheNetTVApp.com
2013-11-17 18:40 . 2013-11-17 18:40 129536 ----a-w- c:\users\Public\AlexaNSISPlugin.7684.dll
2013-11-17 18:32 . 2013-11-17 18:32 -------- d-----w- c:\programdata\TubeDimmer
2013-11-17 18:30 . 2013-11-20 05:05 -------- d-----w- c:\program files (x86)\MyPC Backup
2013-11-17 18:30 . 2013-11-17 18:30 -------- d-----w- c:\users\Binh C Dinh\AppData\Local\Programs
2013-11-17 18:29 . 2013-11-17 18:30 -------- d-----w- c:\users\Binh C Dinh\AppData\Roaming\mysearchdial
2013-11-14 03:52 . 2012-08-21 21:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-11-14 03:51 . 2013-11-14 03:51 -------- d-----w- c:\program files\iPod
2013-11-14 03:51 . 2013-11-14 03:52 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-14 03:51 . 2013-11-14 03:52 -------- d-----w- c:\program files\iTunes
2013-11-14 03:51 . 2013-11-14 03:52 -------- d-----w- c:\program files (x86)\iTunes
2013-11-14 03:12 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-11-14 03:12 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-11-14 03:12 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-14 03:12 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll
2013-11-14 03:12 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-14 03:12 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll
2013-11-14 03:12 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-14 03:12 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-11-14 03:12 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-14 03:06 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-11-14 03:06 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-11-14 03:03 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-14 03:03 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-11-14 03:03 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-14 03:03 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-11-14 03:03 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-11-06 04:11 . 2013-11-06 04:11 -------- d-----w- c:\users\Binh C Dinh\AppData\Roaming\Paltalk
2013-11-06 04:11 . 2013-11-06 04:11 -------- d-----w- c:\program files (x86)\Paltalk Messenger
2013-10-25 20:34 . 2013-02-13 02:31 114520 ----a-w- c:\windows\system32\Vxdif.dll
2013-10-25 20:34 . 2013-02-21 19:10 489264 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-15 02:08 . 2011-07-22 05:34 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-10-23 04:13 . 2013-10-23 04:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-23 03:55 . 2011-07-20 16:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-08 02:30 . 2013-10-12 17:48 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-12 17:48 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-12 17:48 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-23 04:47 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-23 04:47 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-23 04:47 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-23 04:47 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-23 04:47 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-23 04:47 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-23 04:47 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-29 02:17 . 2013-10-12 17:48 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-12 17:48 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-12 17:48 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-12 17:48 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-12 17:48 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-12 17:48 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-12 17:48 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-12 17:48 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-12 17:48 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-12 17:48 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-12 17:48 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-12 17:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-12 17:48 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-12 17:48 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-12 17:48 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-12 17:48 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-12 17:48 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-12 17:47 461312 ----a-w- c:\windows\system32\scavengeui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}]
2013-10-22 05:33 409464 ----a-w- c:\programdata\TubeDimmer\IE\common.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{818f6ad9-ccf9-4cbd-8e66-3c29dd13115f}]
2013-11-17 19:09 136704 ----a-w- c:\program files (x86)\Re-markit\135.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1FAFD711-ABF9-4F6A-8130-5166C7371427}"= "c:\program files (x86)\IminentToolbar\1.8.26.8\iminentTlbr.dll" [2013-10-06 293784]
.
[HKEY_CLASSES_ROOT\clsid\{1fafd711-abf9-4f6a-8130-5166c7371427}]
[HKEY_CLASSES_ROOT\iminent.iminentdskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\iminent.iminentdskBnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Adobe Reader Synchronizer"="c:\program files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [2013-09-03 1272704]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-22 39408]
"PCShowServer"="c:\users\Binh C Dinh\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-10-15 525240]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-14 1532992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
c:\users\Binh C Dinh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
PalTalk.lnk - c:\program files (x86)\Paltalk Messenger\paltalk.exe nas [2013-9-12 9819232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 lsnfd;lsnfd;c:\windows\system32\drivers\lsnfd.sys;c:\windows\SYSNATIVE\drivers\lsnfd.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dcevt64;DSM SA Event Manager;c:\program files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr64.exe;c:\program files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr64.exe [x]
R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [x]
R2 dcstor64;DSM SA Data Manager;c:\program files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr64.exe;c:\program files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr64.exe [x]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe;c:\windows\SysWOW64\srvany.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;c:\windows\system32\drivers\d554gps64.sys;c:\windows\SYSNATIVE\drivers\d554gps64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ecnssndis; Mobile Broadband Driver;c:\windows\System32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
R3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\System32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 Mbm3CBus;Dell Wireless 5530 HSPA Mini-Card Device (WDM);c:\windows\system32\drivers\Mbm3CBus.sys;c:\windows\SYSNATIVE\drivers\Mbm3CBus.sys [x]
R3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM);c:\windows\system32\drivers\Mbm3DevMt.sys;c:\windows\SYSNATIVE\drivers\Mbm3DevMt.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 nwdelgobi3kfilter;Dell Wireless Gobi 3000 USB Composite Device Filter Driver;c:\windows\system32\drivers\nwdelgobi3kfilter.sys;c:\windows\SYSNATIVE\drivers\nwdelgobi3kfilter.sys [x]
R3 nwdelserial;Dell Wireless Mobile Broadband Serial Driver;c:\windows\system32\drivers\nwdelserial.sys;c:\windows\SYSNATIVE\drivers\nwdelserial.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms;c:\gencotst\pcdsrvc_x64.pkms [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe;c:\windows\SYSNATIVE\SUPDSvc.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WLRAWMp50x64;WLRAWMp50x64 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWMp50x64.sys;c:\windows\SYSNATIVE\Drivers\WLRAWMp50x64.sys [x]
R3 WLRAWSp50x64;WLRAWSp50x64 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWSp50x64.sys;c:\windows\SYSNATIVE\Drivers\WLRAWSp50x64.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(5).sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys;c:\windows\SYSNATIVE\Drivers\ATSwpWDF.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 dcdbas;System Management Driver;c:\windows\system32\DRIVERS\dcdbas64.sys;c:\windows\SYSNATIVE\DRIVERS\dcdbas64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\O2MDRw7x64.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-17 20:02 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 03:55]
.
2013-11-22 c:\windows\Tasks\FreeHDSport TV V6.0-chromeinstaller.job
- c:\program files (x86)\FreeHDSport TV V6.0\FreeHDSport TV V6.0-chromeinstaller.exe [2013-11-17 18:43]
.
2013-11-22 c:\windows\Tasks\FreeHDSport TV V6.0-updater.job
- c:\program files (x86)\FreeHDSport TV V6.0\FreeHDSport TV V6.0-updater.exe [2013-11-17 18:43]
.
2013-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 04:08]
.
2013-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 04:08]
.
2013-11-22 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2013-11-22 c:\windows\Tasks\Re-markit Update.job
- c:\program files (x86)\Re-markit\ReMarkit_up.exe [2013-11-17 19:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-10-16 22:17 138608 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-10-16 22:17 138608 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2013-02-21 698712]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-03-29 4756240]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.amazon.com/websearch/ref=bit_bds-p07_serp_ie_us_display?ie=UTF8&tagbase=bds-p07&tbrId=v1_abb-channel-7_787557525f9343a89a5624259f721e77_30_46_20131117_US_ie_sp_IS0
mDefault_Search_URL = hxxp://www.aartemis.com/web/?type=ds&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979&q={searchTerms}
mDefault_Page_URL = hxxp://aartemis.com/?type=hp&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979
mStart Page = hxxp://aartemis.com/?type=hp&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.aartemis.com/web/?type=ds&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979&q={searchTerms}
uInternet Settings,ProxyOverride = *.local;<local>
mCustomizeSearch = hxxp://www.aartemis.com/web/?type=ds&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979&q={searchTerms}
mSearchAssistant = hxxp://www.aartemis.com/web/?type=ds&ts=1384715361&from=tugs&uid=WDCXWD3200BEKT-75PVMT0_WD-WX81A212197921979&q={searchTerms}
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: dell.com
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Binh C Dinh\AppData\Roaming\Mozilla\Firefox\Profiles\ep446jwh.default\
FF - ExtSQL: 2013-11-07 15:28; [email protected]; c:\users\Binh C Dinh\AppData\Roaming\Mozilla\Firefox\Profiles\ep446jwh.default\extensions\[email protected]
FF - ExtSQL: 2013-11-17 10:40; [email protected]; c:\users\Binh C Dinh\AppData\Roaming\Mozilla\Firefox\Profiles\ep446jwh.default\extensions\[email protected]
FF - ExtSQL: 2013-11-17 10:43; {ad9a41d2-9a49-4fa6-a79e-71a0785364c8}; c:\users\Binh C Dinh\AppData\Roaming\Mozilla\Firefox\Profiles\ep446jwh.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
FF - ExtSQL: 2013-11-17 11:09; {623df3f2-d573-48b5-ae59-065b433dd24a}; c:\program files (x86)\Re-markit\135.xpi
FF - ExtSQL: 2013-11-19 21:00; [email protected]; c:\users\Binh C Dinh\AppData\Roaming\Mozilla\Firefox\Profiles\ep446jwh.default\extensions\[email protected]
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzz0A0C0FyEtA0B0Dzz0B0EtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1447941512&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzz0A0C0FyEtA0B0Dzz0B0EtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1447941512&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzz0A0C0FyEtA0B0Dzz0B0EtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R&cr=1447941512&ir=&q=
FF - user.js: extensions.mysearchdial.id - C0CB38ACF43BD8BE
FF - user.js: extensions.mysearchdial.instlDay - 16026
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.010:29
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - irmsd103
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 1447941512
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1Qzu0CtD0C0BtAzz0A0C0FyEtA0B0Dzz0B0EtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R
FF - user.js: extensions.irmysearch.aflt - irmsd103
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 1447941512
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1Qzu0CtD0C0BtAzz0A0C0FyEtA0B0Dzz0B0EtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R
FF - user.js: extensions.shownSelectionUI - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{112BA211-334C-4A90-90EC-2AD1CDAB287C} - (no file)
BHO-{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - c:\users\Binh C Dinh\AppData\Local\SySaver\temp.dat
BHO-{5cf5a690-c8f4-488e-9d20-f21aef602d41} - c:\program files (x86)\BuzzSearch\BuzzSearchBHO.dll
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Binh C Dinh\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Binh C Dinh\AppData\Local\Akamai\netsession_win.exe
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]
"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-22 07:43:37
ComboFix-quarantined-files.txt 2013-11-22 15:43
ComboFix2.txt 2012-03-13 00:22
.
Pre-Run: 13,133,438,976 bytes free
Post-Run: 14,813,470,720 bytes free
.
- - End Of File - - C27ACEF09DCD7A3F6CE94EDE71904C4B
bcdinh is offline  
Old 11-22-2013, 08:39 AM   #4
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Hi,

You're welcome.

Your Windows 7 User Account Control UAC has been disabled. Sometimes, malware disables it, sometimes the end user does.

Please read this and set it to default.

Click Start > Control Panel > User Accounts and Family Safety > User Accounts > Change User Account settings and set it back.


==================

You have Optimizer Pro installed. We do not recommend the use of registry cleaners/optimizers/tweakers. Our colleague miekiemoes has an excellent writeup here.

Two other excellent articles: one by Bill Castner is located here, and the other by Ed Bott is here.

=====================

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • If items are found, please select the Clean button
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

=====================

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
amateur is offline  
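An added example, not part of this thread and not one of the tools amateur links to: a read-only PowerShell script that shows the state the post above asks about, namely the UAC registry values, which Browser Helper Objects are registered in both the 64-bit and Wow6432Node hives and whether their DLLs still exist on disk, Internet Explorer's start page and search scopes, and any Firefox user.js that would re-apply a hijacked homepage on every start. The registry paths are the standard Windows and IE locations; the function names and the "Suspicious" heuristic (a BHO DLL loaded from AppData) are this example's own choices, not anything the forum or the cleanup tools define.

```powershell
# Added example, not from this thread: read-only triage for the items amateur asks about.
# Run from an elevated PowerShell prompt (Windows 7 SP1 / PowerShell 2.0 or later).
# Nothing is changed; every function only reads the registry and the file system.

function Get-UacState {
    # Windows 7 defaults: EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1.
    # EnableLUA=0 is the "UAC disabled" state; a change to it takes effect after a reboot.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
        UacEnabled                 = ($p.EnableLUA -eq 1)
    }
}

function Get-BrowserHelperObjects {
    # BHOs load into every Internet Explorer process. On x64 Windows the 32-bit IE reads the
    # Wow6432Node copy, so both hives are checked (DDS prefixes those entries with "Wow6432Node-").
    $roots = @{
        '64-bit' = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
        '32-bit' = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    }
    foreach ($bitness in $roots.Keys) {
        $root = $roots[$bitness]
        if (-not (Test-Path $root)) { continue }
        $classes = if ($bitness -eq '32-bit') { 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID' } else { 'HKLM:\SOFTWARE\Classes\CLSID' }
        foreach ($bho in Get-ChildItem -Path $root) {
            $clsid = $bho.PSChildName
            $name  = (Get-ItemProperty -Path "$classes\$clsid" -ErrorAction SilentlyContinue).'(default)'
            $dll   = (Get-ItemProperty -Path "$classes\$clsid\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
            $exists = $false
            if ($dll) { $exists = Test-Path ([Environment]::ExpandEnvironmentVariables($dll)) }
            New-Object PSObject -Property @{
                Bitness    = $bitness
                Clsid      = $clsid
                Name       = $name
                Dll        = $dll
                DllExists  = $exists                      # the "(no file)" orphans in the ComboFix log show up as False
                Suspicious = ($dll -like '*\AppData\*')   # heuristic: DefaultTab and SySaver above both loaded from AppData
            }
        }
    }
}

function Get-IeSearchSettings {
    # Start page and search provider are what a hijacker such as mysearchdial rewrites;
    # AdwCleaner's "Setting Restored" lines refer to exactly these values.
    foreach ($hive in 'HKCU', 'HKLM') {
        $main = "${hive}:\SOFTWARE\Microsoft\Internet Explorer\Main"
        $p = Get-ItemProperty -Path $main -ErrorAction SilentlyContinue
        foreach ($v in 'Start Page', 'Default_Page_URL', 'Default_Search_URL', 'Search Page') {
            New-Object PSObject -Property @{ Hive = $hive; Setting = $v; Value = $p.$v }
        }
        $scopes = "${hive}:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"
        foreach ($s in Get-ChildItem -Path $scopes -ErrorAction SilentlyContinue) {
            $url = (Get-ItemProperty -Path $s.PSPath).URL
            New-Object PSObject -Property @{ Hive = $hive; Setting = "SearchScope $($s.PSChildName)"; Value = $url }
        }
    }
}

function Get-FirefoxUserJs {
    # user.js is re-applied over prefs.js at every Firefox start, so a hijacker that drops one
    # (the extensions.mysearchdial.* lines in the DDS log) keeps re-setting the homepage after a reset.
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    foreach ($f in Get-ChildItem -Path $profiles -Filter user.js -Recurse -ErrorAction SilentlyContinue) {
        $hits = @(Select-String -Path $f.FullName -Pattern 'hmpg|newTabUrl|Srch|keyword\.URL|browser\.startup\.homepage')
        New-Object PSObject -Property @{
            Path          = $f.FullName
            Modified      = $f.LastWriteTime
            HomepageLines = $hits.Count
        }
    }
}

'== UAC ==';             Get-UacState             | Format-List
'== IE BHOs ==';         Get-BrowserHelperObjects | Format-Table Bitness, Name, DllExists, Suspicious, Dll -AutoSize
'== IE start/search =='; Get-IeSearchSettings     | Format-Table Hive, Setting, Value -AutoSize
'== Firefox user.js =='; Get-FirefoxUserJs        | Format-Table Path, Modified, HomepageLines -AutoSize
```

Run it once before AdwCleaner and JRT and once after the reboot, then compare the two outputs: any BHO whose DLL still exists, any SearchScope URL you do not recognise, or a user.js that has reappeared with a fresh Modified time means something is still re-installing itself and the logs should go back to the helper.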
Old 11-22-2013, 09:31 AM   #5
Registered Member
 
Join Date: Jan 2011
Posts: 120
OS: xp, windows 7



Hello again, amateur,

I didn't install Optimizer Pro. Somehow, when I downloaded Flash Player, it installed itself in there, and I removed it already because I didn't recognize the program.

Thank you for your help and time!

#####
# AdwCleaner v3.012 - Report created 22/11/2013 at 09:02:50
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Binh C Dinh - MININT-PNQ1F3C
# Running from : C:\Users\Binh C Dinh\Desktop\virus2\9_adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files (x86)\Gophoto.it
Folder Deleted : C:\Program Files (x86)\IminentToolbar
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\optimizer pro
Folder Deleted : C:\Users\Binh C Dinh\AppData\LocalLow\Mysearchdial
Folder Deleted : C:\Users\Binh C Dinh\AppData\Roaming\Iminent
Folder Deleted : C:\Users\Binh C Dinh\AppData\Roaming\Mysearchdial
Folder Deleted : C:\Users\Binh C Dinh\Documents\optimizer pro
Folder Deleted : C:\Users\Binh C Dinh\Documents\PC Health Kit
Folder Deleted : C:\Users\Binh C Dinh\AppData\Roaming\Mozilla\Firefox\Profiles\ep446jwh.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
Folder Deleted : C:\Users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Folder Deleted : C:\Users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Folder Deleted : C:\Users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
File Deleted : C:\Users\Binh C Dinh\AppData\Roaming\Mozilla\Firefox\Profiles\ep446jwh.default\Extensions\[email protected]
File Deleted : C:\Users\Binh C Dinh\AppData\Local\mysearchdial-speeddial.crx
File Deleted : C:\Users\Binh C Dinh\AppData\Roaming\Mozilla\Firefox\Profiles\ep446jwh.default\defaulttab.config
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\aartemis.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Binh C Dinh\AppData\Roaming\Mozilla\Firefox\Profiles\ep446jwh.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\Binh C Dinh\AppData\Roaming\Mozilla\Firefox\Profiles\ep446jwh.default\user.js
File Deleted : C:\Users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage-journal

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Binh C Dinh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Binh C Dinh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Binh C Dinh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Binh C Dinh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (64-bit).lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentHlpr
Key Deleted : HKLM\SOFTWARE\Classes\iminent.iminentHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekkoTb_1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekkoTb_1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_kmplayer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_kmplayer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{112BA211-334C-4A90-90EC-2AD1CDAB287C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FAFD711-ABF9-4F6A-8130-5166C7371427}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{112BA211-334C-4A90-90EC-2AD1CDAB287C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{208D4124-3895-4974-B293-A159BD306078}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1FAFD711-ABF9-4F6A-8130-5166C7371427}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\mysearchdial.com
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\aartemisSoftware
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\mysearchdial
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Binh C Dinh\AppData\Roaming\Mozilla\Firefox\Profiles\ep446jwh.default\prefs.js ]

Line Deleted : user_pref("extensions.dynconff.cache.aartemis.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"_1520_1674_1164_1524_1146_1169_1348_1482_1493_1521\"><content id=\"MB_P1\">\r\n <newjs>\r\n <![...]
Line Deleted : user_pref("extensions.dynconff.cache.aartemis.com.expires", "1385139277815");
Line Deleted : user_pref("extensions.dynconff.cache.www.yahoo.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"_1520_1581_1674_1164_1524_1146_1169_1348_1482_1493_1521\"><content id=\"MB_P1\">\r\n <newjs>\[...]
Line Deleted : user_pref("extensions.mysearchdial.aflt", "irmsd103");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0CtD0C0BtAzz0A0C0FyEtA0B0Dzz0B0EtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R");
Line Deleted : user_pref("extensions.mysearchdial.cr", "1447941512");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzz0A0C0FyEtA0B0Dzz0B0EtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCt[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "C0CB38ACF43BD8BE");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16026");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzz0A0C0FyEtA0B0Dzz0B0EtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1Czut[...]
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzz0A0C0FyEtA0B0Dzz0B0EtN0D0Tzu0SyCzzyBtN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1Cz[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.010:29:26");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [27847 octets] - [22/11/2013 08:58:12]
AdwCleaner[S0].txt - [25412 octets] - [22/11/2013 09:02:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [25473 octets] ##########
bcdinh is offline  
Old 11-22-2013, 09:31 AM   #6
Registered Member
 
Join Date: Jan 2011
Posts: 120
OS: xp, windows 7



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by Binh C Dinh on Fri 11/22/2013 at 9:10:29.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CEA6382A-9CD6-4D4D-B293-DE5E0716AF43}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Binh C Dinh\AppData\Roaming\microsoft\windows\start menu\programs\atdhenettvapp.com"



~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\blekkotb.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\blekkotb.xml"
Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]"
Successfully deleted: [Folder] C:\Users\Binh C Dinh\AppData\Roaming\mozilla\firefox\profiles\ep446jwh.default\extensions\[email protected]
Successfully deleted the following from C:\Users\Binh C Dinh\AppData\Roaming\mozilla\firefox\profiles\ep446jwh.default\prefs.js

user_pref("extensions.defaulttab.installdate", 1353394134);
user_pref("extensions.defaulttab.useNewTabWhiteList", false);
Emptied folder: C:\Users\Binh C Dinh\AppData\Roaming\mozilla\firefox\profiles\ep446jwh.default\minidumps [93 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/22/2013 at 9:26:11.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
bcdinh is offline  
Old 11-22-2013, 11:04 AM   #7
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Hi,

Quote:
I didn't install Optimizer Pro. Somehow when I downloaded flash player it installed itself in there and I removed it already bc I didn't recognize the program.
You did well. It's always a good idea though to be careful and un-check any additional software offers when downloading and installing a program.

A couple more scans to take care of the remnants.

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Launch Malwarebytes' Anti-Malware, and select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.
Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

===================

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply and let me know how the system is behaving now.
amateur is offline  
Old 11-23-2013, 08:36 AM   #8
Registered Member
 
Join Date: Jan 2011
Posts: 120
OS: xp, windows 7



Thank you again for your help amateur. Things seem to be back to normal.

There were no threats found in the ESET scan.

Is it possible if you could show me what to look for in all the scans that you asked me to do so I can remove spam and viruses in the future?

######
Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free anti-malware download

Database version: v2013.11.23.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Binh C Dinh :: MININT-PNQ1F3C [administrator]

11/22/2013 9:35:42 PM
13_MBAM-log-2013-11-22 (21-51-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237627
Time elapsed: 15 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 13
HKCR\CLSID\{5cf5a690-c8f4-488e-9d20-f21aef602d41} (PUP.Optional.BuzzSearch.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CF5A690-C8F4-488E-9D20-F21AEF602D41} (PUP.Optional.BuzzSearch.A) -> No action taken.
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> No action taken.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKCR\CLSID\{818f6ad9-ccf9-4cbd-8e66-3c29dd13115f} (PUP.Optional.ReMarkIt.A) -> No action taken.
HKCR\TypeLib\{acc3a573-dc2c-4391-a559-724f32fb5de0} (PUP.Optional.ReMarkIt.A) -> No action taken.
HKCR\Interface\{0f3a121c-c1cc-44d6-94a6-7c573fbf1f8c} (PUP.Optional.ReMarkIt.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{818F6AD9-CCF9-4CBD-8E66-3C29DD13115F} (PUP.Optional.ReMarkIt.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{818F6AD9-CCF9-4CBD-8E66-3C29DD13115F} (PUP.Optional.ReMarkIt.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{818F6AD9-CCF9-4CBD-8E66-3C29DD13115F} (PUP.Optional.ReMarkIt.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7dd67585-84ed-4372-a6e5-044bd160d6fa} (PUP.Optional.ReMarkIt.A) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel (PUP.Optional.ReMarkIt.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files (x86)\Re-markit (PUP.Optional.ReMarkIt.A) -> No action taken.

Files Detected: 17
C:\Users\Binh C Dinh\Downloads\atdhd_download.exe (PUP.Optional.OneClickDownloader.A) -> No action taken.
C:\Users\Binh C Dinh\Downloads\Browser_Update (1).exe (PUP.Optional.BundleInstaller.A) -> No action taken.
C:\Users\Binh C Dinh\Downloads\Browser_Update.exe (PUP.Optional.BundleInstaller.A) -> No action taken.
C:\Users\Binh C Dinh\Downloads\Media_Player_Setup.exe (PUP.Optional.iBryte) -> No action taken.
C:\Users\Binh C Dinh\Downloads\pal_install_r109860_a3000.exe (PUP.Optional.Spigot.A) -> No action taken.
C:\Users\Binh C Dinh\Downloads\Updater_Setup (1).exe (PUP.Optional.iBryte) -> No action taken.
C:\Users\Binh C Dinh\Downloads\Updater_Setup.exe (PUP.Optional.iBryte) -> No action taken.
C:\Program Files (x86)\Re-markit\135.crx (PUP.Optional.ReMarkIt.A) -> No action taken.
C:\Program Files (x86)\Re-markit\135.dat (PUP.Optional.ReMarkIt.A) -> No action taken.
C:\Program Files (x86)\Re-markit\135.dll (PUP.Optional.ReMarkIt.A) -> No action taken.
C:\Program Files (x86)\Re-markit\135.xpi (PUP.Optional.ReMarkIt.A) -> No action taken.
C:\Program Files (x86)\Re-markit\crx.db (PUP.Optional.ReMarkIt.A) -> No action taken.
C:\Program Files (x86)\Re-markit\ReMarkit_up.exe (PUP.Optional.ReMarkIt.A) -> No action taken.
C:\Program Files (x86)\Re-markit\sqlite3.dll (PUP.Optional.ReMarkIt.A) -> No action taken.
C:\Program Files (x86)\Re-markit\Uninstall.exe (PUP.Optional.ReMarkIt.A) -> No action taken.
C:\Program Files (x86)\Re-markit\xpi.db (PUP.Optional.ReMarkIt.A) -> No action taken.
C:\Windows\Tasks\Re-markit Update.job (PUP.Optional.ReMarkIt.A) -> No action taken.

(end)
bcdinh is offline  
Old 11-23-2013, 09:51 AM   #9
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Hi,

Quote:
Things seem to be back to normal.
Quote:
There were no threat found for ESET scan.
Glad to hear that.

Quote:
Is it possible if you could show me what to look for in all the scans that you asked me to do so I can remove spam and viruses in the future?
Well, it's not that easy. It takes anywhere from six months to a couple of years to get trained in malware removal. Even then, it's a constant learning process, as malware evolves all the time and becomes more and more complicated. If you wish to become a malware fighter, below is a list of training schools:

UNITE - Unified Network of Instructors and Trained Eliminators

================

Please uninstall Tube Dimmer via Programs & Features in Control Panel, if present. See here for info: SystemLookup - 44ed99e2-16a6-4b89-80d6-5b21cf42e78b

Once uninstalled, press the Windows logo key and the letter R on the keyboard simultaneously to bring up the Run box. Copy/paste the following command into the Run box and press OK.

cmd /c rd /s /q "c:\programdata\TubeDimmer"

A DOS window will open and close again; this is normal.

================
As for Malwarebytes Anti-Malware scan,

Quote:
No action taken.
Please run MBAM again as per previous instructions, but this time be sure to remove the selected items as instructed and post the log in your next reply:

Quote:
Be sure that everything is checked, and click Remove Selected.
================

Also, please post a fresh DDS.txt for me to review the present state of the system. If all is well, we can finish up in the next round. Thanks.
amateur is offline  
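Picking up the question in post #8 about what to look for in these scan logs, and the "No action taken" point made just above: the following Python script is an added example written for this thread, not a Malwarebytes tool and not something posted by either participant. It parses the detection lines of a Malwarebytes Anti-Malware 1.x text log (the `item (DetectionName) -> action.` format visible in the logs above), lists the detections that were reported but left unremoved, and counts detections per family so a reader can see at a glance which program a cleanup still has to deal with. The sample log embedded in it is constructed, modelled on the entries in this thread, and the function names are this example's own.

```python
"""Triage helper for Malwarebytes Anti-Malware 1.x text logs.

Added example for this thread, not code from Malwarebytes or the forum.
It reads the "<item> (<detection name>) -> <action>." lines that follow the
"... Detected: N" headers and reports which detections were never removed.
"""
import re
from collections import defaultdict

# Section headers such as "Registry Keys Detected: 13" or "Files Detected: 17".
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")

# Detection lines, e.g.
#   HKCR\CLSID\{...} (PUP.Optional.ReMarkIt.A) -> No action taken.
#   C:\...\135.dll (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.
# The lazy item match lets paths containing "(x86)" or "(1)" parse correctly.
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# Constructed sample log, modelled on the MBAM logs posted in this thread.
SAMPLE_LOG = r"""
Scan type: Quick scan
Objects scanned: 237627

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\CLSID\{5cf5a690-c8f4-488e-9d20-f21aef602d41} (PUP.Optional.BuzzSearch.A) -> No action taken.
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel (PUP.Optional.ReMarkIt.A) -> No action taken.

Folders Detected: 1
C:\Program Files (x86)\Re-markit (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Program Files (x86)\Re-markit\135.dll (PUP.Optional.ReMarkIt.A) -> No action taken.
C:\Windows\Tasks\Re-markit Update.job (PUP.Optional.ReMarkIt.A) -> Quarantined and deleted successfully.

(end)
"""


def parse_mbam_log(text):
    """Return one dict {section, item, name, action} per detection line."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            findings.append({"section": section, "item": m.group("item"),
                             "name": m.group("name"), "action": m.group("action")})
    return findings


def unremoved(findings):
    """Detections the scan reported but did not remove (the case called out above)."""
    return [f for f in findings if f["action"].lower().startswith("no action taken")]


def summarize_by_family(findings):
    """Count detections per detection name, e.g. {'PUP.Optional.ReMarkIt.A': 4, ...}."""
    counts = defaultdict(int)
    for f in findings:
        counts[f["name"]] += 1
    return dict(counts)


def triage(text):
    """Overall verdict: how much was found, how much is still present, and per-family counts."""
    findings = parse_mbam_log(text)
    left = unremoved(findings)
    return {
        "total": len(findings),
        "unremoved": len(left),
        "families": summarize_by_family(findings),
        "needs_rescan": bool(left),   # True means: run the scan again and actually remove
    }


if __name__ == "__main__":
    for f in unremoved(parse_mbam_log(SAMPLE_LOG)):
        print(f"[{f['section']}] {f['name']}: {f['item']} -> {f['action']}")
    print(triage(SAMPLE_LOG))
```

Run it against a saved mbam-log-*.txt by replacing `SAMPLE_LOG` with the file's contents; a non-empty `unremoved` list is exactly the situation in post #8, where every entry ended in "No action taken." and the scan had to be repeated with Remove Selected clicked.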
Old 11-25-2013, 09:23 PM   #10
Registered Member
 
Join Date: Jan 2011
Posts: 120
OS: xp, windows 7



Hi amateur,

I can't delete the program in Control Panel or in Program Files (x86) either. Is there another way to delete it?

%%%%%

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free anti-malware download

Database version: v2013.11.24.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Binh C Dinh :: MININT-PNQ1F3C [administrator]

11/25/2013 9:05:52 PM
mbam-log-2013-11-25 (21-05-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237773
Time elapsed: 9 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#####

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.45.2
Run by Binh C Dinh at 21:07:11 on 2013-11-25
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8089.5829 [GMT -8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\SysWOW64\srvany.exe
C:\Windows\sysWOW64\SDIOAssist.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\Binh C Dinh\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Users\Binh C Dinh\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Binh C Dinh\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20131122090757.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [PCShowServer] "C:\Users\Binh C Dinh\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\BINHCD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Binh C Dinh\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\BINHCD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\BINHCD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PalTalk.lnk - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: dell.com
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3C54AFA1-79FE-47C3-BFF8-D4196D9BE98E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3C54AFA1-79FE-47C3-BFF8-D4196D9BE98E}\2656C6B696E6E2565336 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{3C54AFA1-79FE-47C3-BFF8-D4196D9BE98E}\454416E676 : DHCPNameServer = 192.168.2.1 24.159.64.23 24.217.201.67 66.189.0.100
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20131122090756.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [IntelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Binh C Dinh\AppData\Roaming\Mozilla\Firefox\Profiles\ep446jwh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Users\Binh C Dinh\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
FF - plugin: C:\Users\Binh C Dinh\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-11-17 11:09; {623df3f2-d573-48b5-ae59-065b433dd24a}; C:\Program Files (x86)\Re-markit\135.xpi
FF - ExtSQL: 2013-11-22 09:07; {D19CA586-DD6C-4a0a-96F8-14644F340D60}; C:\Program Files (x86)\Common Files\McAfee\SystemCore
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-11-23 340216]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-7-11 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-12-23 22128]
R2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2012-2-16 43112]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-7-11 89600]
R2 BrcmMgmtAgent;Broadcom Management Agent;C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-6-29 158720]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-22 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-22 701512]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-12 201304]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-12 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-12 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-12 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-11-23 241456]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-4-22 25824]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-11-23 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-11-23 182752]
R2 O2SDIOAssist;O2SDIOAssist;C:\Windows\SysWOW64\srvany.exe [2012-1-1 8192]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2009-8-6 11576]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-12-19 2594584]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-3-29 2669840]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\accelern.sys [2011-7-11 27760]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2012-8-30 1109296]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-11-23 70112]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-7-11 172704]
R3 dcdbas;System Management Driver;C:\Windows\System32\drivers\dcdbas64.sys [2010-10-21 38472]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-7-11 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-22 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-11-23 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-11-23 515968]
R3 O2MDRRDR;O2MDRRDR;C:\Windows\System32\drivers\O2MDRw7x64.sys [2011-7-11 74984]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjw7x64.sys [2011-7-11 83560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 dcevt64;DSM SA Event Manager;"C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr64.exe" --> C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr64.exe [?]
S2 dcpsysmgrsvc;Dell System Manager Service;"C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe" --> C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [?]
S2 dcstor64;DSM SA Data Manager;"C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr64.exe" --> C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr64.exe [?]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-7-11 348712]
S3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;C:\Windows\System32\drivers\d554gps64.sys [2011-7-11 101416]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 ecnssndis; Mobile Broadband Driver;C:\Windows\System32\drivers\wwuss64.sys [2011-7-11 26664]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;C:\Windows\System32\drivers\wwussf64.sys [2011-7-11 30248]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-12-12 196440]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-7-11 158976]
S3 Mbm3CBus;Dell Wireless 5530 HSPA Mini-Card Device (WDM);C:\Windows\System32\drivers\Mbm3CBus.sys [2011-7-11 411208]
S3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM);C:\Windows\System32\drivers\Mbm3DevMt.sys [2011-7-11 419912]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-11-23 106552]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-7-11 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-7-11 180736]
S3 nwdelgobi3kfilter;Dell Wireless Gobi 3000 USB Composite Device Filter Driver;C:\Windows\System32\drivers\nwdelgobi3kfilter.sys [2011-7-11 34304]
S3 nwdelserial;Dell Wireless Mobile Broadband Serial Driver;C:\Windows\System32\drivers\nwdelserial.sys [2011-7-11 234112]
S3 O2MDFRDR;O2MDFRDR;C:\Windows\System32\drivers\o2mdfw7x64.sys [2011-7-11 72808]
S3 Samsung UPD Service;Samsung UPD Service;C:\Windows\System32\SUPDSvc.exe [2012-1-23 166704]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-22 1255736]
S3 WLRAWMp50x64;WLRAWMp50x64 NDIS Protocol Driver;C:\Windows\System32\drivers\WLRAWMp50x64.sys [2013-8-10 35352]
S3 WLRAWSp50x64;WLRAWSp50x64 NDIS Protocol Driver;C:\Windows\System32\drivers\WLRAWSp50x64.sys [2013-8-10 34328]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2011-11-30 29288]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [2011-11-30 29288]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [2011-11-30 29288]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [2011-11-30 29288]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [2011-11-30 29288]
.
=============== Created Last 30 ================
.
2013-11-23 05:33:55 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-11-23 05:33:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-22 17:10:24 -------- d-----w- C:\Windows\ERUNT
2013-11-22 16:58:09 -------- d-----w- C:\AdwCleaner
2013-11-22 15:44:38 -------- d-sh--w- C:\$RECYCLE.BIN
2013-11-22 14:43:55 98816 ----a-w- C:\Windows\sed.exe
2013-11-22 14:43:55 256000 ----a-w- C:\Windows\PEV.exe
2013-11-22 14:43:55 208896 ----a-w- C:\Windows\MBR.exe
2013-11-20 06:25:01 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2013-11-20 05:01:30 -------- d-----w- C:\Users\Binh C Dinh\AppData\Local\SySaver
2013-11-17 19:53:36 75376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2013-11-17 19:53:36 272496 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll
2013-11-17 19:53:36 20080 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2013-11-17 19:15:48 -------- d-----w- C:\Users\Binh C Dinh\AppData\Roaming\OpenWebKitSharp Strings
2013-11-17 18:56:50 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2013-11-17 18:54:27 114280 ------w- C:\Windows\SysWow64\acaptuser32.dll
2013-11-17 18:53:14 106088 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-11-17 18:43:33 -------- d-----w- C:\Program Files (x86)\FreeHDSport TV V6.0
2013-11-17 18:32:41 -------- d-----w- C:\ProgramData\TubeDimmer
2013-11-17 18:30:05 -------- d-----w- C:\Users\Binh C Dinh\AppData\Local\Programs
2013-11-14 03:52:13 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-11-14 03:51:20 -------- d-----w- C:\Program Files\iPod
2013-11-14 03:51:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-14 03:51:18 -------- d-----w- C:\Program Files\iTunes
2013-11-14 03:51:18 -------- d-----w- C:\Program Files (x86)\iTunes
2013-11-14 03:12:39 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-14 03:12:36 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-14 03:12:18 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-14 03:12:14 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-11-14 03:12:13 197120 ----a-w- C:\Windows\System32\credui.dll
2013-11-14 03:12:13 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-14 03:12:13 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-11-14 03:12:13 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-11-14 03:12:13 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-14 0335 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-11-14 0335 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-11-14 03:03:11 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-11-14 03:03:10 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-11-14 03:03:10 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-11-14 03:03:10 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-11-14 03:03:10 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-11-06 04:11:26 -------- d-----w- C:\Users\Binh C Dinh\AppData\Roaming\Paltalk
2013-11-06 04:11:21 -------- d-----w- C:\Program Files (x86)\Paltalk Messenger
.
==================== Find3M ====================
.
2013-10-23 04:13:19 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-23 03:55:46 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH: 21:08:19.15 ===============
Old 11-25-2013, 11:52 PM   #11
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Quote:
I can't delete the program in Control Panel nor Program Files (x86) either. Is there another way to delete it?
Can you please elaborate on it a bit more? Is it still present in the Programs and Features applet in Control Panel and the Program Files folder?

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it. (Vista/Win7 users, right-click > Run as Administrator)
  • Copy the content of the following codebox into the main textfield:

    Code:
    :regfind
    TubeDimmer
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt
Old 11-26-2013, 08:51 AM   #12
Registered Member
 
Join Date: Jan 2011
Posts: 120
OS: xp, windows 7



Good morning amateur,

When I go to the Programs and Features window and click uninstall on the program, nothing really happens to the program. Usually I see another window pop up allowing you to proceed with deleting the program. I tried refreshing the folder to see if it disappears in the background or not, but nothing happens. The program is still present in Programs and Features. The program is not located in C:\Program Files (x86).

I will post the result of the next run for you when I get home.
Old 11-26-2013, 09:36 PM   #13
Registered Member
 
Join Date: Jan 2011
Posts: 120
OS: xp, windows 7



SystemLook 27.08.10 by jpshortstuff
Log created at 21:35 on 26/11/2013 by Binh C Dinh
Administrator - Elevation successful

========== regfind ==========

Searching for "TubeDimmer"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"k"="cmd /c rd /s /q " c:\programdata\TubeDimmer"\1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}]
"ad"="tubedimmerapp.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}]
"ad"="tubedimmerapp.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\ProgramData\TubeDimmer\uninstall.exe"="VISTARTM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TubeDimmer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TubeDimmer]
"DisplayIcon"="C:\ProgramData\TubeDimmer\TubeDimmer.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TubeDimmer]
"HelpLink"="https://www.tubedimmerapp.com/about.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TubeDimmer]
"UninstallString"="C:\ProgramData\TubeDimmer\uninstall.exe /kb=y /ic=2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}]
"ad"="tubedimmerapp.com"
[HKEY_USERS\S-1-5-21-1784040211-1244368591-229558164-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"k"="cmd /c rd /s /q " c:\programdata\TubeDimmer"\1"

-= EOF =-
Old 11-27-2013, 01:31 AM   #14
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



  • Open Notepad (Start > All Programs > Accessories > Notepad). (It must be Notepad, not WordPad, or it won't work.)
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Click Format and ensure Wordwrap is unchecked.

Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

How to Disable your Security Applications

Code:
Folder::
C:\ProgramData\TubeDimmer
c:\users\Binh C Dinh\AppData\Local\SySaver

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"k"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\ProgramData\TubeDimmer\uninstall.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TubeDimmer]
[HKEY_USERS\S-1-5-21-1784040211-1244368591-229558164-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"k"=-
ClearJavaCache::
Save this as CFScript.txt on your Desktop.



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • ComboFix may request an update; please allow it.
  • When finished, please post the log it produced in your next reply.
Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


Reboot your machine and let me know if TubeDimmer is still present.
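The SystemLook output in post #13 and the CFScript in post #14 are related mechanically: every registry key or value that referenced the search term became a delete directive. The script below is an added example for this thread and is not SystemLook, ComboFix or the helper's own tooling. It parses a regfind log (a constructed sample modelled on the one posted above), labels what kind of entry each hit is, and drafts the `Registry::` section. The whole-key-versus-value rule it uses (keys whose path contains the term, and CLSID keys, are removed entirely; in shared keys such as RunMRU or AppCompatFlags\Layers only the matching value is removed) is an assumption of the example: it reproduces the helper's choices for this particular log, not a general cleanup rule, and the draft is meant to be reviewed, not run blindly.

```python
"""Parse SystemLook ':regfind' output and draft the matching CFScript Registry:: block.

Added example for this thread; not SystemLook, ComboFix or the forum helper's tooling.
The sample log below is constructed from the entries posted in the thread, and the
whole-key / single-value decision rule is this script's own assumption.
"""
import re
from collections import OrderedDict

# Constructed sample, modelled on the regfind output posted in post #13.
SAMPLE_LOG = r'''SystemLook 27.08.10 by jpshortstuff
Log created at 21:35 on 26/11/2013 by Binh C Dinh
Administrator - Elevation successful

========== regfind ==========

Searching for "TubeDimmer"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"k"="cmd /c rd /s /q " c:\programdata\TubeDimmer"\1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}]
"ad"="tubedimmerapp.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\ProgramData\TubeDimmer\uninstall.exe"="VISTARTM"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TubeDimmer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TubeDimmer]
"DisplayIcon"="C:\ProgramData\TubeDimmer\TubeDimmer.ico"
[HKEY_USERS\S-1-5-21-1784040211-1244368591-229558164-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"k"="cmd /c rd /s /q " c:\programdata\TubeDimmer"\1"

-= EOF =-
'''

SEARCH_RE = re.compile(r'^Searching for "(.*)"$')
KEY_RE = re.compile(r'^\[(HKEY_[A-Z_]+\\.*)\]$')
# Value name is everything up to the first '"=' ; data is the rest of the line.
VALUE_RE = re.compile(r'^"(?P<name>.*?)"=(?P<data>.*)$')
# COM class registrations, in either the native or the WOW64-redirected view.
CLSID_MARK = re.compile(r'\\(wow6432node\\)?classes\\(wow6432node\\)?clsid\\', re.I)


def parse_regfind(text):
    """Return (search_term, OrderedDict{key_path: [(value_name, value_data), ...]}).

    A key line with no value lines is a hit on the key name itself; repeated
    key lines (SystemLook prints the key once per matching value) are merged.
    """
    term, hits, current = None, OrderedDict(), None
    for line in text.splitlines():
        m = SEARCH_RE.match(line)
        if m:
            term = m.group(1)
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            hits.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            hits[current].append((m.group('name'), m.group('data')))
    return term, hits


def classify(key):
    """Label what a hit means so the reviewer knows what removing it affects."""
    k = key.lower()
    if '\\explorer\\runmru' in k:
        return 'Run-dialog history (commands the user typed; not adware persistence)'
    if re.search(r'\\currentversion\\run(once)?(\\|$)', k):
        return 'autostart entry'
    if CLSID_MARK.search(k):
        return 'registered COM object (BHO / shell extension)'
    if '\\currentversion\\uninstall\\' in k:
        return 'Programs and Features entry'
    if '\\appcompatflags\\layers' in k:
        return 'compatibility-mode flag for one executable'
    return 'other'


def draft_cfscript(term, hits):
    """Draft the Registry:: section. Assumed rule: a key named after the term or a
    CLSID key goes as a whole ([-KEY]); in any other (shared) key only the values
    that mention the term are removed ("name"=-), so unrelated entries survive."""
    lines = ['Registry::']
    needle = term.lower()
    for key, values in hits.items():
        if needle in key.lower() or CLSID_MARK.search(key):
            lines.append('[-%s]' % key)
            continue
        matching = [n for n, d in values if needle in (n + d).lower()]
        if matching:
            lines.append('[%s]' % key)
            lines.extend('"%s"=-' % n for n in matching)
    return '\n'.join(lines)


if __name__ == '__main__':
    found_term, found = parse_regfind(SAMPLE_LOG)
    for k in found:
        print('%-45s %s' % (classify(k), k))
    print()
    print(draft_cfscript(found_term, found))
```

Running it on the sample prints one classification line per hit, then a draft whose directives match the `Registry::` block the helper posted. The classification matters more than the draft: the RunMRU hits, for instance, are only Explorer's Run-dialog history of the `rd /s /q` command the user tried, so they are clutter rather than the adware's foothold, while the CLSID and Uninstall keys are what actually register the component.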
Old 11-28-2013, 11:20 AM   #15
Registered Member
 
Join Date: Jan 2011
Posts: 120
OS: xp, windows 7



Hi amateur, and happy Thanksgiving.

ComboFix 13-11-27.01 - Binh C Dinh 11/28/2013 10:57:47.5.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8089.5797 [GMT -8:00]
Running from: c:\users\Binh C Dinh\Desktop\7_ComboFix.exe
Command switches used :: c:\users\Binh C Dinh\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\TubeDimmer
c:\programdata\TubeDimmer\Chrome\common.crx
c:\programdata\TubeDimmer\Chrome\unzip\announce.js
c:\programdata\TubeDimmer\Chrome\unzip\background.html
c:\programdata\TubeDimmer\Chrome\unzip\common.js
c:\programdata\TubeDimmer\Chrome\unzip\contentscript.js
c:\programdata\TubeDimmer\Chrome\unzip\icon.png
c:\programdata\TubeDimmer\Chrome\unzip\icon128.png
c:\programdata\TubeDimmer\Chrome\unzip\icon16.png
c:\programdata\TubeDimmer\Chrome\unzip\icon48.png
c:\programdata\TubeDimmer\Chrome\unzip\iframecontentscript.js
c:\programdata\TubeDimmer\Chrome\unzip\manifest.json
c:\programdata\TubeDimmer\Firefox\chrome.manifest
c:\programdata\TubeDimmer\Firefox\chrome\content\main.js
c:\programdata\TubeDimmer\Firefox\chrome\content\overlay.xul
c:\programdata\TubeDimmer\Firefox\install.rdf
c:\programdata\TubeDimmer\IE\common.dll
c:\programdata\TubeDimmer\TubeDimmer.ico
c:\programdata\TubeDimmer\Uninstall.exe
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_kjmheampjleaoikpfdkifgnbomdammdn_0
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_kjmheampjleaoikpfdkifgnbomdammdn_0\6
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\background.html
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\crossriderManifest.json
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\manifest.xml
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins.json
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\1_base.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\1000020_analytics.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\1000025_analyticsFront.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\1000030_mz.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\102_dealply_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\103_intext_5_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\104_jollywallet_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\105_corticas_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\108_icm_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\119_similar_web_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\120_luck_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\123_intext_adv_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\125_arcadi2_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\126_revizer_ws_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\127_revizer_p_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\128_superfish_pricora_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\135_arcadi3_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\138_getdeal_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\142_intext_fa_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\155_ibario_pops_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\159_cortica_rollover_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\17_jQuery.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\175_coolmirage_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\180_bpo_serp_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\21_debug.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\22_resources.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\28_initializer.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\47_resources_background.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\64_appApiMessage.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\7_hooks.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\72_appApiValidation.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\9_search_engine_hook.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\userCode\background.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\userCode\extension.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\icons\actions\1.png
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\icons\icon128.png
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\icons\icon16.png
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\icons\icon48.png
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\api\chrome.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\api\cookie.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\api\message.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\api\pageAction.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\api\pageActionBG.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\background.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\app_api.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\bg_app_api.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\consts.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\cookie_store.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\crossriderAPI.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\delegate.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\events.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\extensionDataStore.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\installer.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\logFile.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\logging.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\onBGDocumentLoad.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\popupResource\newPopup.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\popupResource\popup.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\reports.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\storageWrapper.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\updateManager.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\util.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\xhr.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\main.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\manifest.json
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\popup.html
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\background.html
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\crossriderManifest.json
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\manifest.xml
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins.json
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\1_base.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\1000020_analytics.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\1000025_analyticsFront.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\1000030_mz.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\102_dealply_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\103_intext_5_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\104_jollywallet_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\105_corticas_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\108_icm_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\119_similar_web_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\120_luck_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\123_intext_adv_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\125_arcadi2_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\126_revizer_ws_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\127_revizer_p_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\128_superfish_pricora_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\135_arcadi3_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\138_getdeal_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\142_intext_fa_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\155_ibario_pops_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\159_cortica_rollover_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\17_jQuery.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\175_coolmirage_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\180_bpo_serp_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\184_noproblemppc_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\21_debug.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\22_resources.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\28_initializer.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\47_resources_background.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\64_appApiMessage.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\7_hooks.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\72_appApiValidation.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\9_search_engine_hook.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\userCode\background.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\extensionData\userCode\extension.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\icons\actions\1.png
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\icons\icon128.png
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\icons\icon16.png
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\icons\icon48.png
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\api\chrome.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\api\cookie.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\api\message.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\api\pageAction.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\api\pageActionBG.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\background.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\app_api.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\bg_app_api.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\consts.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\cookie_store.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\crossriderAPI.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\delegate.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\events.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\extensionDataStore.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\installer.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\logFile.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\logging.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\onBGDocumentLoad.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\popupResource\newPopup.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\popupResource\popup.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\reports.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\storageWrapper.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\updateManager.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\util.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\lib\xhr.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\js\main.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\manifest.json
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.24_0\popup.html
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmheampjleaoikpfdkifgnbomdammdn\CURRENT
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmheampjleaoikpfdkifgnbomdammdn\LOG.old
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kjmheampjleaoikpfdkifgnbomdammdn_0.localstorage-journal
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Binh C Dinh\AppData\Local\SySaver
c:\users\Binh C Dinh\AppData\Local\SySaver\.build
c:\users\Binh C Dinh\AppData\Local\SySaver\.user
c:\users\Binh C Dinh\AppData\Local\SySaver\eula.txt
c:\users\Binh C Dinh\AppData\Local\SySaver\uninst.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-10-28 to 2013-11-28 )))))))))))))))))))))))))))))))
.
.
2013-11-28 19:08 . 2013-11-28 19:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-11-28 19:08 . 2013-11-28 19:08 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-11-28 19:08 . 2013-11-28 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-23 05:33 . 2013-04-04 22:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-23 05:33 . 2013-11-24 18:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-22 17:10 . 2013-11-22 17:10 -------- d-----w- c:\windows\ERUNT
2013-11-22 16:58 . 2013-11-22 17:03 -------- d-----w- C:\AdwCleaner
2013-11-20 06:25 . 2013-11-22 05:00 -------- d-----w- c:\program files (x86)\SpywareBlaster
2013-11-17 19:53 . 2013-11-09 22:06 75376 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2013-11-17 19:53 . 2013-11-09 22:06 272496 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll
2013-11-17 19:53 . 2013-11-09 22:06 20080 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2013-11-17 19:15 . 2013-11-17 19:15 -------- d-----w- c:\users\Binh C Dinh\AppData\Roaming\OpenWebKitSharp Strings
2013-11-17 18:56 . 2009-08-20 06:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2013-11-17 18:54 . 2013-05-08 14:23 114280 ------w- c:\windows\SysWow64\acaptuser32.dll
2013-11-17 18:53 . 2013-05-08 10:12 106088 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-11-17 18:43 . 2013-11-17 18:43 -------- d-----w- c:\program files (x86)\FreeHDSport TV V6.0
2013-11-17 18:40 . 2013-11-17 18:40 129536 ----a-w- c:\users\Public\AlexaNSISPlugin.7684.dll
2013-11-17 18:30 . 2013-11-17 18:30 -------- d-----w- c:\users\Binh C Dinh\AppData\Local\Programs
2013-11-14 03:52 . 2012-08-21 21:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-11-14 03:51 . 2013-11-14 03:51 -------- d-----w- c:\program files\iPod
2013-11-14 03:51 . 2013-11-14 03:52 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-14 03:51 . 2013-11-14 03:52 -------- d-----w- c:\program files\iTunes
2013-11-14 03:51 . 2013-11-14 03:52 -------- d-----w- c:\program files (x86)\iTunes
2013-11-14 03:12 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-11-14 03:12 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-11-14 03:12 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-14 03:12 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll
2013-11-14 03:12 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-14 03:12 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll
2013-11-14 03:12 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-14 03:12 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-11-14 03:12 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-14 03:06 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-11-14 03:06 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-11-14 03:03 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-14 03:03 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-11-14 03:03 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-14 03:03 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-11-14 03:03 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-11-06 04:11 . 2013-11-06 04:11 -------- d-----w- c:\users\Binh C Dinh\AppData\Roaming\Paltalk
2013-11-06 04:11 . 2013-11-06 04:11 -------- d-----w- c:\program files (x86)\Paltalk Messenger
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-15 02:08 . 2011-07-22 05:34 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-10-23 04:13 . 2013-10-23 04:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-23 03:55 . 2011-07-20 16:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-08 02:30 . 2013-10-12 17:48 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-12 17:48 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-12 17:48 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-23 04:47 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-23 04:47 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-23 04:47 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-23 04:47 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-23 04:47 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-23 04:47 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-23 04:47 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Adobe Reader Synchronizer"="c:\program files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [2013-09-03 1272704]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-22 39408]
"PCShowServer"="c:\users\Binh C Dinh\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-10-15 525240]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-14 1532992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
c:\users\Binh C Dinh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
PalTalk.lnk - c:\program files (x86)\Paltalk Messenger\paltalk.exe nas [2013-9-12 9819232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 lsnfd;lsnfd;c:\windows\system32\drivers\lsnfd.sys;c:\windows\SYSNATIVE\drivers\lsnfd.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dcevt64;DSM SA Event Manager;c:\program files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr64.exe;c:\program files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr64.exe [x]
R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [x]
R2 dcstor64;DSM SA Data Manager;c:\program files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr64.exe;c:\program files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr64.exe [x]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe;c:\windows\SysWOW64\srvany.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;c:\windows\system32\drivers\d554gps64.sys;c:\windows\SYSNATIVE\drivers\d554gps64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ecnssndis; Mobile Broadband Driver;c:\windows\System32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
R3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\System32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 Mbm3CBus;Dell Wireless 5530 HSPA Mini-Card Device (WDM);c:\windows\system32\drivers\Mbm3CBus.sys;c:\windows\SYSNATIVE\drivers\Mbm3CBus.sys [x]
R3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM);c:\windows\system32\drivers\Mbm3DevMt.sys;c:\windows\SYSNATIVE\drivers\Mbm3DevMt.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 nwdelgobi3kfilter;Dell Wireless Gobi 3000 USB Composite Device Filter Driver;c:\windows\system32\drivers\nwdelgobi3kfilter.sys;c:\windows\SYSNATIVE\drivers\nwdelgobi3kfilter.sys [x]
R3 nwdelserial;Dell Wireless Mobile Broadband Serial Driver;c:\windows\system32\drivers\nwdelserial.sys;c:\windows\SYSNATIVE\drivers\nwdelserial.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms;c:\gencotst\pcdsrvc_x64.pkms [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe;c:\windows\SYSNATIVE\SUPDSvc.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WLRAWMp50x64;WLRAWMp50x64 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWMp50x64.sys;c:\windows\SYSNATIVE\Drivers\WLRAWMp50x64.sys [x]
R3 WLRAWSp50x64;WLRAWSp50x64 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWSp50x64.sys;c:\windows\SYSNATIVE\Drivers\WLRAWSp50x64.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(5).sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys;c:\windows\SYSNATIVE\Drivers\ATSwpWDF.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 dcdbas;System Management Driver;c:\windows\system32\DRIVERS\dcdbas64.sys;c:\windows\SYSNATIVE\DRIVERS\dcdbas64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\O2MDRw7x64.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-17 20:02 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 03:55]
.
2013-11-28 c:\windows\Tasks\FreeHDSport TV V6.0-chromeinstaller.job
- c:\program files (x86)\FreeHDSport TV V6.0\FreeHDSport TV V6.0-chromeinstaller.exe [2013-11-17 18:43]
.
2013-11-28 c:\windows\Tasks\FreeHDSport TV V6.0-updater.job
- c:\program files (x86)\FreeHDSport TV V6.0\FreeHDSport TV V6.0-updater.exe [2013-11-17 18:43]
.
2013-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 04:08]
.
2013-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 04:08]
.
2013-11-26 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-10-16 22:17 138608 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-10-16 22:17 138608 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2013-02-21 698712]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-03-29 4756240]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;<local>
mCustomizeSearch = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: dell.com
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Binh C Dinh\AppData\Roaming\Mozilla\Firefox\Profiles\ep446jwh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - ExtSQL: 2013-11-17 11:09; {623df3f2-d573-48b5-ae59-065b433dd24a}; c:\program files (x86)\Re-markit\135.xpi
FF - ExtSQL: 2013-11-22 09:07; {D19CA586-DD6C-4a0a-96F8-14644F340D60}; c:\program files (x86)\Common Files\McAfee\SystemCore
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-SySaver - c:\users\Binh C Dinh\AppData\Local\SySaver\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]
"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-28 11:11:48
ComboFix-quarantined-files.txt 2013-11-28 19:11
ComboFix2.txt 2013-11-22 15:43
ComboFix3.txt 2012-03-13 00:22
.
Pre-Run: 26,164,498,432 bytes free
Post-Run: 25,952,653,312 bytes free
.
- - End Of File - - 7BC21794CA551E30AD9B24C2BAC22130
bcdinh is offline  
Old 11-28-2013, 12:30 PM   #16
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Hello bcdinh,

Happy Thanksgiving to you too!

Is TubeDimmer gone now?
amateur is offline  
Old 11-28-2013, 07:26 PM   #17
Registered Member
 
Join Date: Jan 2011
Posts: 120
OS: xp, windows 7



Yes, TubeDimmer is gone now. Thank you!
bcdinh is offline  
Old 11-29-2013, 12:06 AM   #18
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Great.

There's one Re-markit entry left behind. The file should have already been removed with Malwarebytes' Anti-Malware, but the FF extension is still showing up. Just for the sake of being thorough, let's take it out with Combofix.
  • Open notepad (Start>All programs>accessories>notepad) (It must be notepad, not wordpad, or it won't work)
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Click Format and ensure Wordwrap is unchecked.

Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

How to Disable your Security Applications

Code:
FireFox::
FF - ProfilePath - c:\users\Binh C Dinh\AppData\Roaming\Mozilla\Firefox\Profiles\ep446jwh.default\
FF - ExtSQL: 2013-11-17 11:09; {623df3f2-d573-48b5-ae59-065b433dd24a}; c:\program files (x86)\Re-markit\135.xpi
Save this as CFScript.txt on your Desktop.



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • ComboFix may request an update; please allow it.
  • When finished, please post the log it produced in your next reply.
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


Make sure that your antivirus is re-enabled before you connect to the internet again.
amateur is offline  
Old 12-02-2013, 09:44 PM   #19
Registered Member
 
Join Date: Jan 2011
Posts: 120
OS: xp, windows 7



Hello amateur,

####

ComboFix 13-12-01.01 - Binh C Dinh 12/02/2013 21:27:13.6.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8089.6124 [GMT -8:00]
Running from: c:\users\Binh C Dinh\Desktop\virus2\7_ComboFix.exe
Command switches used :: c:\users\Binh C Dinh\Desktop\virus2\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_kjmheampjleaoikpfdkifgnbomdammdn_0
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\background.html
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\crossriderManifest.json
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\manifest.xml
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins.json
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\1_base.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\1000020_analytics.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\1000025_analyticsFront.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\1000030_mz.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\102_dealply_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\103_intext_5_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\104_jollywallet_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\105_corticas_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\108_icm_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\119_similar_web_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\120_luck_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\123_intext_adv_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\125_arcadi2_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\126_revizer_ws_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\127_revizer_p_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\128_superfish_pricora_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\135_arcadi3_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\138_getdeal_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\142_intext_fa_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\155_ibario_pops_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\159_cortica_rollover_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\17_jQuery.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\175_coolmirage_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\180_bpo_serp_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\21_debug.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\22_resources.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\28_initializer.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\47_resources_background.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\64_appApiMessage.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\7_hooks.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\72_appApiValidation.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\9_search_engine_hook.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\userCode\background.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\extensionData\userCode\extension.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\icons\actions\1.png
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\icons\icon128.png
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\icons\icon16.png
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\icons\icon48.png
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\api\chrome.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\api\cookie.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\api\message.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\api\pageAction.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\api\pageActionBG.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\background.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\app_api.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\bg_app_api.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\consts.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\cookie_store.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\crossriderAPI.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\delegate.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\events.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\extensionDataStore.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\installer.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\logFile.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\logging.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\onBGDocumentLoad.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\popupResource\newPopup.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\popupResource\popup.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\reports.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\storageWrapper.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\updateManager.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\util.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\lib\xhr.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\js\main.js
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\manifest.json
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjmheampjleaoikpfdkifgnbomdammdn\1.25.22_0\popup.html
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmheampjleaoikpfdkifgnbomdammdn
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmheampjleaoikpfdkifgnbomdammdn\000021.ldb
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmheampjleaoikpfdkifgnbomdammdn\000023.ldb
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmheampjleaoikpfdkifgnbomdammdn\000026.ldb
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmheampjleaoikpfdkifgnbomdammdn\000027.log
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmheampjleaoikpfdkifgnbomdammdn\LOCK
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmheampjleaoikpfdkifgnbomdammdn\LOG
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmheampjleaoikpfdkifgnbomdammdn\MANIFEST-000025
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kjmheampjleaoikpfdkifgnbomdammdn_0.localstorage
c:\users\Binh C Dinh\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
.
((((((((((((((((((((((((( Files Created from 2013-11-03 to 2013-12-03 )))))))))))))))))))))))))))))))
.
.
2013-12-03 05:40 . 2013-12-03 05:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-12-03 05:40 . 2013-12-03 05:40 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-12-03 05:40 . 2013-12-03 05:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-23 05:33 . 2013-04-04 22:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-23 05:33 . 2013-11-24 18:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-22 17:10 . 2013-11-22 17:10 -------- d-----w- c:\windows\ERUNT
2013-11-22 16:58 . 2013-11-22 17:03 -------- d-----w- C:\AdwCleaner
2013-11-20 06:25 . 2013-11-22 05:00 -------- d-----w- c:\program files (x86)\SpywareBlaster
2013-11-17 19:53 . 2013-11-09 22:06 75376 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2013-11-17 19:53 . 2013-11-09 22:06 272496 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll
2013-11-17 19:53 . 2013-11-09 22:06 20080 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2013-11-17 19:15 . 2013-11-17 19:15 -------- d-----w- c:\users\Binh C Dinh\AppData\Roaming\OpenWebKitSharp Strings
2013-11-17 18:56 . 2009-08-20 06:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2013-11-17 18:54 . 2013-05-08 14:23 114280 ------w- c:\windows\SysWow64\acaptuser32.dll
2013-11-17 18:53 . 2013-05-08 10:12 106088 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-11-17 18:43 . 2013-11-17 18:43 -------- d-----w- c:\program files (x86)\FreeHDSport TV V6.0
2013-11-17 18:40 . 2013-11-17 18:40 129536 ----a-w- c:\users\Public\AlexaNSISPlugin.7684.dll
2013-11-17 18:30 . 2013-11-17 18:30 -------- d-----w- c:\users\Binh C Dinh\AppData\Local\Programs
2013-11-14 03:52 . 2012-08-21 21:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-11-14 03:51 . 2013-11-14 03:51 -------- d-----w- c:\program files\iPod
2013-11-14 03:51 . 2013-11-14 03:52 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-14 03:51 . 2013-11-14 03:52 -------- d-----w- c:\program files\iTunes
2013-11-14 03:51 . 2013-11-14 03:52 -------- d-----w- c:\program files (x86)\iTunes
2013-11-14 03:12 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-11-14 03:12 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-11-14 03:12 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-14 03:12 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll
2013-11-14 03:12 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-14 03:12 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll
2013-11-14 03:12 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-14 03:12 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-11-14 03:12 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-14 03:06 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-11-14 03:06 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-11-14 03:03 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-14 03:03 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-11-14 03:03 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-14 03:03 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-11-14 03:03 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-11-06 04:11 . 2013-11-06 04:11 -------- d-----w- c:\users\Binh C Dinh\AppData\Roaming\Paltalk
2013-11-06 04:11 . 2013-11-06 04:11 -------- d-----w- c:\program files (x86)\Paltalk Messenger
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-15 02:08 . 2011-07-22 05:34 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-10-23 04:13 . 2013-10-23 04:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-23 03:55 . 2011-07-20 16:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-08 02:30 . 2013-10-12 17:48 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-12 17:48 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-12 17:48 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-23 04:47 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-23 04:47 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-23 04:47 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-23 04:47 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-23 04:47 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-23 04:47 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-23 04:47 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Adobe Reader Synchronizer"="c:\program files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [2013-09-03 1272704]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-22 39408]
"PCShowServer"="c:\users\Binh C Dinh\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-10-15 525240]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-14 1532992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
c:\users\Binh C Dinh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
PalTalk.lnk - c:\program files (x86)\Paltalk Messenger\paltalk.exe nas [2013-9-12 9819232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 lsnfd;lsnfd;c:\windows\system32\drivers\lsnfd.sys;c:\windows\SYSNATIVE\drivers\lsnfd.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dcevt64;DSM SA Event Manager;c:\program files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr64.exe;c:\program files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr64.exe [x]
R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [x]
R2 dcstor64;DSM SA Data Manager;c:\program files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr64.exe;c:\program files\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr64.exe [x]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe;c:\windows\SysWOW64\srvany.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;c:\windows\system32\drivers\d554gps64.sys;c:\windows\SYSNATIVE\drivers\d554gps64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ecnssndis; Mobile Broadband Driver;c:\windows\System32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
R3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\System32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 Mbm3CBus;Dell Wireless 5530 HSPA Mini-Card Device (WDM);c:\windows\system32\drivers\Mbm3CBus.sys;c:\windows\SYSNATIVE\drivers\Mbm3CBus.sys [x]
R3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM);c:\windows\system32\drivers\Mbm3DevMt.sys;c:\windows\SYSNATIVE\drivers\Mbm3DevMt.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 nwdelgobi3kfilter;Dell Wireless Gobi 3000 USB Composite Device Filter Driver;c:\windows\system32\drivers\nwdelgobi3kfilter.sys;c:\windows\SYSNATIVE\drivers\nwdelgobi3kfilter.sys [x]
R3 nwdelserial;Dell Wireless Mobile Broadband Serial Driver;c:\windows\system32\drivers\nwdelserial.sys;c:\windows\SYSNATIVE\drivers\nwdelserial.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms;c:\gencotst\pcdsrvc_x64.pkms [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe;c:\windows\SYSNATIVE\SUPDSvc.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WLRAWMp50x64;WLRAWMp50x64 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWMp50x64.sys;c:\windows\SYSNATIVE\Drivers\WLRAWMp50x64.sys [x]
R3 WLRAWSp50x64;WLRAWSp50x64 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWSp50x64.sys;c:\windows\SYSNATIVE\Drivers\WLRAWSp50x64.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(5).sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys;c:\windows\SYSNATIVE\Drivers\ATSwpWDF.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 dcdbas;System Management Driver;c:\windows\system32\DRIVERS\dcdbas64.sys;c:\windows\SYSNATIVE\DRIVERS\dcdbas64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\O2MDRw7x64.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdjw7x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-17 20:02 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 03:55]
.
2013-12-03 c:\windows\Tasks\FreeHDSport TV V6.0-chromeinstaller.job
- c:\program files (x86)\FreeHDSport TV V6.0\FreeHDSport TV V6.0-chromeinstaller.exe [2013-11-17 18:43]
.
2013-12-03 c:\windows\Tasks\FreeHDSport TV V6.0-updater.job
- c:\program files (x86)\FreeHDSport TV V6.0\FreeHDSport TV V6.0-updater.exe [2013-11-17 18:43]
.
2013-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 04:08]
.
2013-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 04:08]
.
2013-12-01 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Binh C Dinh\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-10-16 22:17 138608 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-10-16 22:17 138608 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2013-02-21 698712]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-03-29 4756240]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;<local>
mCustomizeSearch = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: dell.com
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Binh C Dinh\AppData\Roaming\Mozilla\Firefox\Profiles\ep446jwh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - ExtSQL: 2013-11-22 09:07; {D19CA586-DD6C-4a0a-96F8-14644F340D60}; c:\program files (x86)\Common Files\McAfee\SystemCore
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]
"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-02 21:43:07
ComboFix-quarantined-files.txt 2013-12-03 05:43
ComboFix2.txt 2013-11-28 19:11
ComboFix3.txt 2013-11-22 15:43
ComboFix4.txt 2012-03-13 00:22
.
Pre-Run: 24,993,308,672 bytes free
Post-Run: 24,750,067,712 bytes free
.
- - End Of File - - ACBB9B9D8F54395E70B9287765464828
bcdinh is offline  
Old 12-02-2013, 11:32 PM   #20
TSF-Emeritus
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



A program, i.e. FreeHDSport TV V6.0, which either you have installed yourself or came bundled with another installation, has a regenerating trojan downloader component.

See here:

Dr.Web Anti-virus - How To Remove Virus (Trojan.DownLoader10.53968) - [DRWEBHK.COM] (This is for the FireFox extension. It does the same with Chrome)
https://www.virustotal.com/en/file/6...5061/analysis/
  • Open notepad (Start>All programs>accessories>notepad ) (It must be notepad, not wordpad, or it won't work)
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Click Format and ensure Wordwrap is unchecked.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Disable your Security Applications

Code:
File::
c:\windows\Tasks\FreeHDSport TV V6.0-chromeinstaller.job
c:\windows\Tasks\FreeHDSport TV V6.0-updater.job
c:\windows\Tasks\ParetoLogic Registration.job
c:\program files (x86)\FreeHDSport TV V6.0\FreeHDSport TV V6.0-chromeinstaller.exe
c:\program files (x86)\FreeHDSport TV V6.0\FreeHDSport TV V6.0-updater.exe
Save this as CFScript.txt on your Desktop.



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • ComboFix may request an update; please allow it.
  • When finished, please post the log it produced in your next reply.
Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
amateur is offline  
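The CFScript above tells ComboFix to delete three legacy scheduled-task `.job` files and the two FreeHDSport executables they launch. As an added, read-only check that is not part of the thread and not ComboFix's or the poster's code, the following PowerShell script records whether each of those artifacts is present, with size, timestamp and SHA-256, and lists every `.job` in the Tasks folder. Run it before and after ComboFix to confirm the files are gone and that no replacement job has been re-created, which is what a "regenerating" downloader component would do. The paths are the ones from the CFScript (with environment variables standing in for the literal `c:\` prefix); the CSV output name and the assumption that it is run from an elevated prompt are mine.

```powershell
# Added example (not from the thread): read-only audit of the persistence
# artifacts named in the CFScript. Nothing is deleted or modified.
# Assumes an elevated (Administrator) PowerShell so C:\Windows\Tasks is readable.

# Paths taken from the CFScript; environment variables replace the literal c:\.
$artifacts = @(
    "$env:SystemRoot\Tasks\FreeHDSport TV V6.0-chromeinstaller.job",
    "$env:SystemRoot\Tasks\FreeHDSport TV V6.0-updater.job",
    "$env:SystemRoot\Tasks\ParetoLogic Registration.job",
    "${env:ProgramFiles(x86)}\FreeHDSport TV V6.0\FreeHDSport TV V6.0-chromeinstaller.exe",
    "${env:ProgramFiles(x86)}\FreeHDSport TV V6.0\FreeHDSport TV V6.0-updater.exe"
)

function Get-Sha256Hex([string]$Path) {
    # Uses .NET directly so it also works on the PowerShell 2.0 that ships with
    # Windows 7 (Get-FileHash only appeared in PowerShell 4.0).
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return ([System.BitConverter]::ToString($sha.ComputeHash($stream))) -replace '-', ''
    } finally {
        $stream.Close()
        $sha.Clear()
    }
}

function Get-ArtifactReport([string[]]$Paths) {
    # One record per path: Present=$false rows show what has already been removed.
    foreach ($p in $Paths) {
        if (Test-Path -LiteralPath $p) {
            $item = Get-Item -LiteralPath $p
            New-Object PSObject -Property @{
                Path    = $p
                Present = $true
                Bytes   = $item.Length
                Written = $item.LastWriteTime
                Sha256  = Get-Sha256Hex $p
            }
        } else {
            New-Object PSObject -Property @{
                Path = $p; Present = $false; Bytes = $null; Written = $null; Sha256 = $null
            }
        }
    }
}

$report = Get-ArtifactReport $artifacts
$report | Format-Table Present, Bytes, Written, Sha256, Path -AutoSize

# Keep a timestamped copy on the Desktop (constructed file name) so the
# before/after runs can be compared side by side.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$report | Export-Csv -NoTypeInformation -Path "$env:USERPROFILE\Desktop\freehdsport-audit-$stamp.csv"

# Every legacy Task Scheduler 1.0 job, not just the named ones: a job that
# reappears after cleanup, under the same or a similar name, is the signal
# that the downloader component is still being regenerated.
Get-ChildItem -LiteralPath "$env:SystemRoot\Tasks" -Filter *.job |
    Select-Object Name, Length, LastWriteTime
```

The hashes are worth keeping: if the executables come back after cleanup with a different SHA-256, the updater is fetching fresh binaries rather than restoring the old ones, which is useful context for whoever is reviewing the next ComboFix log.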