I am trying to remove this toolbar... did everything I know and cant. Here are logs from mbam and DDS Please Help.
------------------------------------ mbam.log -----------------------------------------
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.08.11.03
Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Bob :: BOB-PC [administrator]
Protection: Enabled
8/11/2013 10:30:41 AM
mbam-log-2013-08-11 (10-30-41).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238429
Time elapsed: 13 minute(s), 36 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 30
HKLM\SYSTEM\CurrentControlSet\Services\IB Updater (PUP.Optional.SweetPacks.A) -> No action taken.
HKCR\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (Adware.Agent) -> Quarantined and deleted successfully.
HKCR\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} (Adware.Agent) -> Quarantined and deleted successfully.
HKCR\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} (Adware.Agent) -> Quarantined and deleted successfully.
HKCR\PricePeep.PricePeepBho.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKCR\PricePeep.PricePeepBho (Adware.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (Adware.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (Adware.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (Adware.Agent) -> Quarantined and deleted successfully.
HKCR\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKCR\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKCR\PricePeep.PricePeepBho.1 (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKCR\PricePeep.PricePeepBho (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{17E58097-6CA5-448B-830F-2A19678248FB} (PUP.Optional.LyricXeeker.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{17E58097-6CA5-448B-830F-2A19678248FB} (PUP.Optional.LyricXeeker.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.SearchYa) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.SearchYa) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.SearchYa) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 5
C:\Users\Bob\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Program Files\PricePeep (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
C:\Users\Bob\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Bob\AppData\Roaming\BabSolution\CR (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Bob\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
Files Detected: 19
C:\Program Files\IB Updater\ExtensionUpdaterService.exe (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\PricePeep\pricepeep.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PricePeep\pricepeep.dll (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
C:\Users\Bob\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Bob\Downloads\Setup(1).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Users\Bob\Downloads\Setup.exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2B6FJSBD\upgrade[1].cab (PUP.Zwangi) -> Quarantined and deleted successfully.
C:\Users\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Bob\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Program Files\PricePeep\installer.ico (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
C:\Program Files\PricePeep\pricepeep.crx (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
C:\Program Files\PricePeep\uninstall.exe (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
C:\Users\Bob\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Bob\AppData\Roaming\BabSolution\Shared\chu.js (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Bob\AppData\Roaming\BabSolution\Shared\Delta.ico (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Bob\AppData\Roaming\BabSolution\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Bob\AppData\Roaming\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Bob\AppData\Roaming\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
(end)
-------------------- DDS Attach.txt -----------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 4/13/2009 12:32:30 PM
System Uptime: 8/11/2013 9:59:06 AM (2 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU | 1600/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 61.986 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.767 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player
AdventureWorksDB
Atheros Driver Installation Program
AVG Free 9.0
Bonjour
bSaving
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 2.0
Canon MP620 series MP Drivers
Canon MP620 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cisco Systems VPN Client 5.0.04.0300
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Crystal Reports Basic for Visual Studio 2008
Crystal Reports for Visual Studio
CyberLink DVD Suite
CyberLink YouCam
Dotfuscator Software Services - Community Edition
Driver Detective
Dropbox
ESU for Microsoft Vista
Facebook Video Calling 1.2.0.287
FileZilla Client 3.5.3
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Quick Launch Buttons 6.40 H2
HP Total Care Advisor
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPTCSSetup
IB Updater 2.0.0.530
Intel(R) Graphics Media Accelerator Driver
IrfanView (remove only)
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 13
Java(TM) 6 Update 7
LabelPrint
LabSim
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Help Viewer 1.0
Microsoft Live Search Toolbar
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2000 Sample Database Scripts
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server Management Studio Express
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x86)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x86)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visual Basic 2008 Step by Step
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Office Developer Tools (x86)
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Visual Studio Macro Tools
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft Works
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSDN Library for Visual Studio 2008 - ENU
My HP Games
MyTurboPC
NetWaiting
Norton PC Checkup
Notepad++
OpenOffice.org 3.1
PhotoScape
Power2Go
PowerDirector
PremiumSoft Navicat Lite 9.1
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Safari
Safari Packages
Safari Packages 9
Sanmaxi Yahoo Chat Recovery(Evaluation) 5.0.1
Search Toolbar
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Service Pack 1 for SQL Server 2008 (KB968369)
Spelling Dictionaries Support For Adobe Reader 9
Sql Server Customer Experience Improvement Program
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
VC Runtimes MSI
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Visual Studio Tools for the Office system 3.0 Runtime
WampServer 2.0
Web Deployment Tool
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
.
==== End Of File ===========================
------------------------------------- DDS.txt -----------------------------------------------
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 10.7.2
Run by Bob at 11:09:33 on 2013-08-11
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2974.841 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files\SMINST\BLService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Users\Bob\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss_sps&mntrId=568B00242BE50C04&affID=119360&tsp=4957
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://www.searchya.com/?f=1&a=orgnl&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0B0EyDtD0CtDyEyEtByCtCtN0D0Tzu0CtAzyyDtN1L2XzutBtFtBtFtCtFyEtAtBtN1L1Czu0F1L1G1Q0M2U0S1F1O2Z1V0S1T1O1T1C1L&cr=1203282716&ir=
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn7\yt.dll
dURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn7\yt.dll
dURLSearchHooks: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn7\yt.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\ib updater\Extension32.dll
BHO: bSaving: {38791CF8-E87C-11E1-881B-7B83F6A1EC23} - c:\program files\bsaving\c5915569d4741a119b84d40eebec1355.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn7\yt.dll
TB: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
StartupFolder: c:\users\bob\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\bob\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\bob\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Table Of Contents.onetoc2
StartupFolder: c:\users\bob\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.5.1
TCP: Interfaces\{14A81346-2C11-466E-8517-CBD94E61E4C1} : DHCPNameServer = 192.168.5.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= avgrsstx.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bob\appdata\roaming\mozilla\firefox\profiles\c8qtwy67.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298581&CUI=UN37267840932326126&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298581&SearchSource=2&CUI=UN37267840932326126&UM=2&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\users\bob\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-07-28 10:20; {d2cf9842-af95-48cd-b873-bfbb48cd7f5e}; c:\users\bob\appdata\roaming\mozilla\firefox\profiles\c8qtwy67.default\extensions\{d2cf9842-af95-48cd-b873-bfbb48cd7f5e}
FF - ExtSQL: 2013-08-09 19:23; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\bob\appdata\roaming\mozilla\firefox\profiles\c8qtwy67.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: !HIDDEN! 2009-08-24 22:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQXeQqfDC&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 568b426100000000000000059a3c7800
FF - user.js: extensions.incredibar_i.instlDay - 15734
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:19:17
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQXeQqfDC
FF - user.js: extensions.incredibar_i.upn2n - 92544353436319044
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10700
FF - user.js: extensions.incredibar_i.ppd - 119
FF - user.js: extensions.searchya.hmpg - true
FF - user.js: extensions.searchya.hmpgUrl - hxxp://www.searchya.com/?f=1&a=orgnl&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0B0EyDtD0CtDyEyEtByCtCtN0D0Tzu0CtAzyyDtN1L2XzutBtFtBtFtCtFyEtAtBtN1L1Czu0F1L1G1Q0M2U0S1F1O2Z1V0S1T1O1T1C1L&cr=1203282716&ir=
FF - user.js: extensions.searchya.dfltSrch - true
FF - user.js: extensions.searchya.srchPrvdr - SearchYa!
FF - user.js: extensions.searchya.dnsErr - true
FF - user.js: extensions.searchya_i.newTab - false
FF - user.js: extensions.searchya.newTabUrl - hxxp://www.searchya.com/?f=2&a=orgnl&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0B0EyDtD0CtDyEyEtByCtCtN0D0Tzu0CtAzyyDtN1L2XzutBtFtBtFtCtFyEtAtBtN1L1Czu0F1L1G1Q0M2U0S1F1O2Z1V0S1T1O1T1C1L&cr=1203282716&ir=
FF - user.js: extensions.searchya.tlbrSrchUrl - hxxp://www.searchya.com/?f=3&a=orgnl&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0B0EyDtD0CtDyEyEtByCtCtN0D0Tzu0CtAzyyDtN1L2XzutBtFtBtFtCtFyEtAtBtN1L1Czu0F1L1G1Q0M2U0S1F1O2Z1V0S1T1O1T1C1L&cr=1203282716&ir=&q=
FF - user.js: extensions.searchya.id - 00242BE50C044261
FF - user.js: extensions.searchya.instlDay - 15734
FF - user.js: extensions.searchya.vrsn - 1.5.25.0
FF - user.js: extensions.searchya.vrsni - 1.5.25.0
FF - user.js: extensions.searchya_i.vrsnTs - 1.5.25.015:16:8
FF - user.js: extensions.searchya.prtnrId - searchya
FF - user.js: extensions.searchya.prdct - searchya
FF - user.js: extensions.searchya.aflt - orgnl
FF - user.js: extensions.searchya_i.smplGrp - none
FF - user.js: extensions.searchya.tlbrId - base
FF - user.js: extensions.searchya.instlRef -
FF - user.js: extensions.searchya.dfltLng -
FF - user.js: extensions.searchya.excTlbr - false
FF - user.js: extensions.searchya.autoRvrt - false
FF - user.js: extensions.searchya.envrmnt - production
FF - user.js: extensions.searchya.isdcmntcmplt - true
FF - user.js: extensions.searchya.mntrvrsn - 1.3.0
FF - user.js: extensions.irspeeddial.aflt - orgnl
FF - user.js: extensions.irspeeddial.instlRef -
FF - user.js: extensions.irspeeddial.cr - 1203282716
FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1QzutDtDtByEtB0B0EyDtD0CtDyEyEtByCtCtN0D0Tzu0CtAzyyDtN1L2XzutBtFtBtFtCtFyEtAtBtN1L1Czu0F1L1G1Q0M2U0S1F1O2Z1V0S1T1O1T1C1L
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 568b426100000000000000242be50c04
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15914
FF - user.js: extensions.delta.vrsn - 1.8.22.0
FF - user.js: extensions.delta.vrsni - 1.8.22.0
FF - user.js: extensions.delta.vrsnTs - 1.8.22.010:10:37
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119360&tsp=4957
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-9 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-9 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-9 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-19 308136]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-11 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-11 701512]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup 3.0\SymcPCCULaunchSvc.exe [2013-8-10 132504]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-11 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-8-11 40776]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 517448]
S3 CASprint;Sprint Con App Svc;"c:\program files\sprint\sprint smartview\conappssvc.exe" /n "casprint" --> c:\program files\sprint\sprint smartview\ConAppsSvc.exe [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S4 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
S4 IB Updater;IB Updater;c:\program files\ib updater\ExtensionUpdaterService.exe [2013-1-29 188760]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 OrbisClient.Services;LabSim Configuration and Security;c:\program files\labslimhardwarecourse\orbis\OrbisClient.Services.exe [2009-3-23 13824]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2013-08-11 15:07:44 54016 ----a-w- c:\windows\system32\drivers\tnpe.sys
2013-08-11 14:26:53 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-11 14:26:52 -------- d-----w- c:\users\bob\appdata\roaming\Malwarebytes
2013-08-11 14:26:43 -------- d-----w- c:\programdata\Malwarebytes
2013-08-11 14:26:42 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-11 14:26:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-11 01:28:19 -------- d-----w- c:\program files\Norton PC Checkup 3.0
2013-08-11 00:28:41 -------- d-----w- c:\programdata\UAB
2013-08-11 00:28:36 -------- d-----w- c:\users\bob\appdata\local\PC_Drivers_Headquarters
2013-08-11 00:28:26 -------- d-----w- c:\users\bob\appdata\roaming\PCCUStubInstaller
2013-08-11 00:28:12 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2013-08-11 00:26:13 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2013-08-11 00:24:51 -------- d-----w- c:\programdata\APN
2013-08-10 13:53:26 -------- d-----w- c:\program files\COMODO
2013-08-09 23:54:18 -------- d-----w- c:\program files\CCleaner
2013-08-09 22:23:29 -------- d-----w- c:\users\bob\appdata\roaming\MyTurboPC.com
2013-08-09 22:23:29 -------- d-----w- c:\users\bob\appdata\roaming\DriverCure
2013-08-09 22:23:17 -------- d-----w- c:\programdata\MyTurboPC.com
2013-08-09 22:23:17 -------- d-----w- c:\program files\MyTurboPC.com
2013-08-09 22:23:17 -------- d-----w- c:\program files\common files\MyTurboPC.com
2013-08-09 22:11:26 -------- d-----w- c:\programdata\Sprint
2013-07-28 14:27:51 -------- d-----w- c:\program files\common files\Symantec Shared
2013-07-28 14:22:05 -------- d-----w- c:\users\bob\appdata\local\CRE
2013-07-28 14:22:03 -------- d-----w- c:\program files\Conduit
2013-07-28 14:12:33 -------- d-----w- c:\program files\VideoLAN
2013-07-28 14:11:04 -------- d-----w- c:\users\bob\appdata\roaming\Ask4Expert
2013-07-28 14:10:35 -------- d-----w- c:\program files\Ask4Expert
2013-07-28 14:09:11 -------- d-----w- c:\programdata\Babylon
.
==================== Find3M ====================
.
2013-06-12 19:10:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 19:10:29 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 11:15:57.24 ===============