MIXI.DJ / searchconduit.com cannot be removed [Solved]


  • This topic is locked

#1
hboyce

  • Member
  • 15 posts
Hello,

I first want to thank you very much for your assistance.

I downloaded a couple of programs from cnet.com - but something tagged along. MIXI.DJ was one of the programs, and though I uninstalled it, when accessing any of my internet browsers http://search.condui...2619096159&UM=2 shows up. It shows as the primary page in internet explorer and the 3rd tab when using Chrome. The tab shows MIXI.DJ at the top of the screen with a magnifying glass as if it is the search engine.

I have downloaded OTL to my desktop and run a full system scan (I only have one "user" so I didn't select "all users") for the last 30 days (since I did not have a problem - as far as I know - prior to that). I'm attaching the log (OTL.Txt) just in case it is helpful. If you would like me to rescan - I am happy to do so.

Looking forward to your expertise. Thanks again!

#2
hboyce

  • Topic Starter
  • Member
  • 15 posts
I apologize - I didn't read that I should copy and paste the log rather than add an attachment ... here it is:

OTL logfile created on: 8/15/2013 11:58:08 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Heidi\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 55.16% Memory free
5.99 Gb Paging File | 4.19 Gb Available in Paging File | 70.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.89 Gb Total Space | 176.70 Gb Free Space | 79.63% Space Free | Partition Type: NTFS
Drive D: | 7.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HEIDI-PC | User Name: Heidi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/15 11:55:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Heidi\Desktop\OTL.exe
PRC - [2013/07/31 15:48:11 | 013,294,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2840628-v2-x86.exe
PRC - [2013/07/23 13:00:26 | 000,078,992 | ---- | M] (Microsoft Corporation) -- c:\0b5f5541f97c77c9ee9ddcbf\Setup.exe
PRC - [2013/07/12 18:02:23 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/06/20 17:52:00 | 007,345,664 | ---- | M] (Google Inc.) -- C:\Users\Heidi\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2013/06/11 14:13:12 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013/06/05 11:28:40 | 027,370,808 | ---- | M] (Dropbox, Inc.) -- C:\Users\Heidi\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/20 22:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/02/21 19:48:08 | 000,393,216 | ---- | M] (Box, Inc.) -- C:\Program Files\Box Sync\BoxSyncHelper.exe
PRC - [2013/02/21 19:48:06 | 007,969,792 | ---- | M] (Box, Inc.) -- C:\Program Files\Box Sync\BoxSync.exe
PRC - [2013/01/08 08:59:20 | 000,228,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2012/12/11 13:07:00 | 004,066,688 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
PRC - [2012/12/11 13:07:00 | 000,528,256 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
PRC - [2012/12/11 13:06:58 | 007,222,144 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
PRC - [2012/12/11 13:06:58 | 001,639,808 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
PRC - [2012/11/29 20:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/22 20:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/01 10:24:48 | 000,058,480 | ---- | M] (Screencast-O-Matic) -- C:\Users\Heidi\AppData\Local\Screencast-O-Matic\Screencast-O-Matic.exe
PRC - [2012/10/16 03:39:00 | 000,646,744 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe
PRC - [2012/10/15 15:37:42 | 000,525,240 | ---- | M] (NDS Technologies) -- C:\Users\Heidi\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
PRC - [2012/10/15 15:37:38 | 006,442,920 | ---- | M] () -- C:\Users\Heidi\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
PRC - [2012/10/08 16:15:50 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Pen\WacomHost.exe
PRC - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
PRC - [2012/01/20 22:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011/05/27 12:06:16 | 001,138,783 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/12 01:49:44 | 000,944,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
PRC - [2010/11/20 15:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/07/29 01:40:56 | 000,311,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/27 22:27:06 | 000,053,248 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Screencast-O-Matic\SOMTrayNative-1.0.dll
MOD - [2013/07/26 19:53:44 | 000,089,600 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Screencast-O-Matic\SOMNative-2.17.3.dll
MOD - [2013/07/11 07:46:17 | 001,762,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\1e8ab93ceb4fdca94a7903e8339ad3c9\Newtonsoft.Json.Net20.ni.dll
MOD - [2013/07/11 07:46:17 | 000,445,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BoxSyncHelper\f39f03aa71977cc4b7dbd36997fdede9\BoxSyncHelper.ni.exe
MOD - [2013/07/11 07:46:14 | 000,250,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BoxUtils\fe0ec1967915e81996ca238e7e8ddfb6\BoxUtils.ni.dll
MOD - [2013/07/11 07:46:14 | 000,055,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\ZetaLongPaths\eb61c8e3d462e9a1c02c561daa211153\ZetaLongPaths.ni.dll
MOD - [2013/07/11 07:46:10 | 000,745,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\AppLimit.NetSparkle#\69bdaccaa107c11e7f106d82b4a280f4\AppLimit.NetSparkle.Net40.ni.dll
MOD - [2013/07/11 07:46:09 | 000,387,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Python.Runtime\12ddb26b53f64d66c5a54adb03877b60\Python.Runtime.ni.dll
MOD - [2013/07/11 07:46:08 | 008,051,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BoxSync\f0484dd761f25670a869d2cdfe9f5ca5\BoxSync.ni.exe
MOD - [2013/07/11 07:43:16 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\c57eba08ab60f48e7d57228849d92a34\System.Web.ni.dll
MOD - [2013/07/11 07:43:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll
MOD - [2013/07/11 07:43:07 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\dca6df8260d6c4c0bd66cb3be72eb73a\System.Transactions.ni.dll
MOD - [2013/07/11 07:43:06 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f95e6b6a92e3e28a3b553fe2998dd308\System.Data.ni.dll
MOD - [2013/07/11 07:42:37 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013/07/11 07:42:28 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/07/11 07:42:25 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll
MOD - [2013/07/11 07:42:08 | 000,687,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\8a64025f7849664164acd20d3f8dcd7f\System.Security.ni.dll
MOD - [2013/07/11 07:42:07 | 002,515,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\28f118aa028fafb24a10c0ef98790809\System.Data.SqlXml.ni.dll
MOD - [2013/07/11 07:42:05 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013/07/11 07:42:01 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013/07/11 07:42:00 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/11 07:41:52 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/06/20 17:41:50 | 000,344,064 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2013/06/20 17:41:28 | 000,231,936 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2013/06/20 17:40:36 | 000,253,440 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2013/06/20 17:40:00 | 000,117,248 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2013/03/13 14:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/01/10 14:01:44 | 000,026,624 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013/01/10 14:01:26 | 010,683,392 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013/01/10 14:01:24 | 001,681,408 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013/01/10 14:01:22 | 007,741,952 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013/01/10 14:01:20 | 002,248,192 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2013/01/03 18:12:30 | 000,721,920 | ---- | M] () -- C:\Program Files\Box Sync\_ssl.pyd
MOD - [2013/01/03 18:12:30 | 000,686,592 | ---- | M] () -- C:\Program Files\Box Sync\unicodedata.pyd
MOD - [2013/01/03 18:12:30 | 000,337,920 | ---- | M] () -- C:\Program Files\Box Sync\sqlite3.dll
MOD - [2013/01/03 18:12:30 | 000,285,184 | ---- | M] () -- C:\Program Files\Box Sync\_hashlib.pyd
MOD - [2013/01/03 18:12:30 | 000,111,616 | ---- | M] () -- C:\Program Files\Box Sync\win32file.pyd
MOD - [2013/01/03 18:12:30 | 000,110,080 | ---- | M] () -- C:\Program Files\Box Sync\pywintypes27.dll
MOD - [2013/01/03 18:12:30 | 000,108,544 | ---- | M] () -- C:\Program Files\Box Sync\win32security.pyd
MOD - [2013/01/03 18:12:30 | 000,103,424 | ---- | M] () -- C:\Program Files\Box Sync\pyexpat.pyd
MOD - [2013/01/03 18:12:30 | 000,098,816 | ---- | M] () -- C:\Program Files\Box Sync\win32api.pyd
MOD - [2013/01/03 18:12:30 | 000,074,240 | ---- | M] () -- C:\Program Files\Box Sync\_ctypes.pyd
MOD - [2013/01/03 18:12:30 | 000,070,656 | ---- | M] () -- C:\Program Files\Box Sync\_elementtree.pyd
MOD - [2013/01/03 18:12:30 | 000,041,984 | ---- | M] () -- C:\Program Files\Box Sync\_sqlite3.pyd
MOD - [2013/01/03 18:12:30 | 000,040,960 | ---- | M] () -- C:\Program Files\Box Sync\_socket.pyd
MOD - [2013/01/03 18:12:30 | 000,029,184 | ---- | M] () -- C:\Program Files\Box Sync\_testcapi.pyd
MOD - [2013/01/03 18:12:30 | 000,008,192 | ---- | M] () -- C:\Program Files\Box Sync\_win32sysloader.pyd
MOD - [2012/12/11 13:07:00 | 000,963,456 | ---- | M] () -- C:\Program Files\Tablet\Pen\libxml2.dll
MOD - [2012/11/13 17:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/10/16 03:39:00 | 000,646,744 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe
MOD - [2012/10/15 15:39:00 | 000,091,536 | ---- | M] () -- C:\Users\Heidi\AppData\Local\DIRECTV Player\z.dll
MOD - [2012/10/15 15:38:54 | 000,273,824 | ---- | M] () -- C:\Users\Heidi\AppData\Local\DIRECTV Player\ndsLogStore.dll
MOD - [2012/10/15 15:38:52 | 001,402,784 | ---- | M] () -- C:\Users\Heidi\AppData\Local\DIRECTV Player\libxml2-2.dll
MOD - [2012/10/15 15:38:34 | 000,688,560 | ---- | M] () -- C:\Users\Heidi\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
MOD - [2012/10/15 15:37:54 | 007,123,880 | ---- | M] () -- C:\Users\Heidi\AppData\Local\DIRECTV Player\gsttspplugin.dll
MOD - [2012/10/15 15:37:38 | 006,442,920 | ---- | M] () -- C:\Users\Heidi\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
MOD - [2012/10/15 15:37:32 | 002,203,048 | ---- | M] () -- C:\Users\Heidi\AppData\Local\DIRECTV Player\DrmSingleton.dll
MOD - [2012/05/30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Security Suite\Engine\20.4.0.40\wincfi39.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/20 15:29:11 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/06/10 15:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


========== Services (SafeList) ==========

SRV - [2013/06/11 15:13:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/26 22:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/20 22:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/05/11 16:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/07 01:08:08 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/12/11 13:07:00 | 000,528,256 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2009/07/13 19:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - [2013/08/11 20:12:13 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130814.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/08/11 20:12:13 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130814.008\NAVENG.SYS -- (NAVENG)
DRV - [2013/07/16 10:32:26 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/07/01 03:41:42 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/06/28 14:55:24 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130813.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/06/20 22:05:02 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/06/04 09:15:02 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/06/04 09:15:02 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/05/22 23:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\symefa.sys -- (SymEFA)
DRV - [2013/05/20 23:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\symds.sys -- (SymDS)
DRV - [2013/05/15 23:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013/04/24 18:43:56 | 000,339,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\symnets.sys -- (SymNetS)
DRV - [2013/04/15 20:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\ccsetx86.sys -- (ccSet_N360)
DRV - [2013/03/06 01:33:04 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/03/04 19:21:36 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2012/12/03 16:36:34 | 000,070,048 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wachidrouter.sys -- (WacHidRouter)
DRV - [2012/12/03 16:36:32 | 000,011,680 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2012/11/15 09:41:06 | 000,013,728 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV - [2012/07/27 21:05:22 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\ironx86.sys -- (SymIRON)
DRV - [2011/06/15 12:25:10 | 001,037,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV - [2011/05/27 12:06:16 | 000,441,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/11/20 15:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 15:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 15:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 15:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 15:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 15:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 15:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 15:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 15:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {320E18FF-18B2-4546-B043-A1A94DA6F12D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3298573
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 9B DA 37 38 1A CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {320E18FF-18B2-4546-B043-A1A94DA6F12D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{320E18FF-18B2-4546-B043-A1A94DA6F12D}: "URL" = http://search.condui...8992411559&UM=2
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...t=kwd&qsrc=2869
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT3298573.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "MixiDJ V37 Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "MixiDJ V37 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "MixiDJ V37 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.condui...E-A9EAAD9057AD"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "http://search.condui...351123&UM=2&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Users\Heidi\AppData\Local\DIRECTV Player\npPCShowPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Heidi\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Heidi\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Heidi\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\Heidi\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/08/12 07:26:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/08/12 07:03:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/08/12 07:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heidi\AppData\Roaming\Mozilla\Extensions
[2013/08/12 07:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\qvgfg9ie.default\extensions
[2013/08/08 18:13:03 | 000,000,000 | ---D | M] (MixiDJ V37) -- C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\qvgfg9ie.default\extensions\{eef3855c-fc2d-41e6-8d91-d368f51b3055}
[2013/08/08 18:13:03 | 000,000,997 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\qvgfg9ie.default\searchplugins\conduit.xml
[2013/06/16 21:08:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/16 21:08:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - Extension: QR Creator = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaephdgbinagkeepamlbkhkfbiaedabm\1.5_0\
CHR - Extension: Super TextTwist = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\adhfmfognpljllafogopofkmjfhhjblo\1.0.0.0_0\
CHR - Extension: Duolingo = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl\1.0.10_0\
CHR - Extension: Google Docs = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: DictaNote - Speech Recognizer = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk\6_0\
CHR - Extension: Google Drive = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: James White = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\
CHR - Extension: YouTube = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: Google Search = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Box - 5 GB Free Storage = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl\1.1.6_0\
CHR - Extension: VoiceNote - speech to text. = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfknjgplnkgjihghcidajejfmldhibfm\2.4.22_0\
CHR - Extension: Google Play Music = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.2_0\
CHR - Extension: World of Solitaire = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn\1.0.1_0\
CHR - Extension: Norton Identity Protection = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: Gmail = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BoxSyncHelper] C:\Program Files\Box Sync\BoxSyncHelper.exe (Box, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [ConduitFloatingPlugin_mfchmfgdaabgdjbcaophikcobddojjoe] C:\Program Files\Conduit\CT3298573\plugins\TBVerifier.dll (Conduit Ltd.)
O4 - HKCU..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [MusicManager] C:\Users\Heidi\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [PCShowServer] C:\Users\Heidi\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe (NDS Technologies)
O4 - HKCU..\Run: [Screencast-O-Matic Tray] C:\Users\Heidi\AppData\Local\Screencast-O-Matic\Screencast-O-Matic.exe (Screencast-O-Matic)
O4 - Startup: C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Heidi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.2.cab (DLM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B0851EF-09D4-4DCE-AD65-11C264044355}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/04/11 18:21:22 | 000,000,055 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0d9e6d48-8623-11e2-9b9a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0d9e6d48-8623-11e2-9b9a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Install.exe -- [2011/05/06 12:46:12 | 000,519,144 | R--- | M] (Adobe Systems, Inc.)
O33 - MountPoints2\{7ff4dbab-9266-11e2-8ea2-e73b72a2ead3}\Shell - "" = AutoRun
O33 - MountPoints2\{7ff4dbab-9266-11e2-8ea2-e73b72a2ead3}\Shell\AutoRun\command - "" = F:\VZW_Software_upgrade_assistant.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/15 11:55:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Heidi\Desktop\OTL.exe
[2013/08/14 20:43:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/08/10 00:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/08/10 00:15:53 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Local\Apple
[2013/08/10 00:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/08/09 23:52:53 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\NCH Software
[2013/08/09 23:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2013/08/09 23:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2013/08/09 23:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2013/08/09 23:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2013/08/08 22:43:13 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\CUDA
[2013/08/08 22:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\Free CUDA Video Converter 6
[2013/08/08 18:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\Wajam
[2013/08/08 18:13:48 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Local\Conduit
[2013/08/08 18:13:31 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Local\CRE
[2013/08/08 18:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/07/31 09:36:23 | 000,000,000 | ---D | C] -- C:\Users\Heidi\Documents\Westminster
[2013/07/27 22:04:31 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/07/27 22:04:22 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/07/27 22:04:22 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/07/27 22:04:22 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/07/27 22:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/07/27 00:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio 2.7
[2013/07/26 23:53:00 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\Corel
[2013/07/26 21:06:12 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\Autodesk
[2013/07/26 20:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2013/07/26 20:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2013/07/26 20:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\Nik Software
[2013/07/26 20:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Alias
[2013/07/26 20:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2013/07/26 20:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2013/07/26 20:41:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2013/07/26 20:17:05 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\wacomid-desktop-launcher
[2013/07/26 20:17:03 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2013/07/26 20:15:13 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\Wacom
[2013/07/26 20:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Wacom
[2013/07/26 20:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo Dock
[2013/07/26 20:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bamboo Dock
[2013/07/26 20:13:59 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\WTablet
[2013/07/26 20:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2013/07/26 20:13:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom
[2013/07/26 20:13:45 | 000,013,728 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacomrouterfilter.sys
[2013/07/26 20:13:07 | 000,070,048 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wachidrouter.sys
[2013/07/26 20:13:07 | 000,011,680 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\System32\drivers\hidkmdf.sys
[2013/07/26 20:12:59 | 001,628,544 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.dll
[2013/07/26 20:12:59 | 001,621,888 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Touch_Tablet.dll
[2013/07/26 20:12:59 | 001,509,760 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wintab32.dll
[2013/07/26 20:12:59 | 001,505,664 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\WacomMT.dll
[2013/07/26 20:12:56 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2013/07/26 19:53:28 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screencast-O-Matic
[2013/07/26 19:53:23 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Local\Screencast-O-Matic
[2013/07/19 00:50:44 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
[2013/07/18 20:48:52 | 000,000,000 | R--D | C] -- C:\Users\Heidi\Dropbox
[2013/07/18 20:43:48 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013/07/18 20:42:00 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\Dropbox
[1 C:\Users\Heidi\Documents\*.tmp files -> C:\Users\Heidi\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/15 12:00:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2911786537-350070541-2178550685-1000UA.job
[2013/08/15 11:56:57 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/15 11:56:57 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/15 11:55:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Heidi\Desktop\OTL.exe
[2013/08/15 11:52:15 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2911786537-350070541-2178550685-1000Core.job
[2013/08/15 11:51:52 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/15 11:51:49 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/15 11:51:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/14 20:41:40 | 001,394,181 | ---- | M] () -- C:\Windows\System32\drivers\N360\1404000.028\Cat.DB
[2013/08/14 18:07:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/12 15:29:47 | 000,022,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/12 15:29:47 | 000,022,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/12 07:24:07 | 2410,733,568 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/07 14:57:33 | 000,031,448 | ---- | M] () -- C:\Users\Heidi\Documents\icon_assessment.gif
[2013/07/31 14:10:55 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/31 01:44:36 | 000,000,408 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\CamShapes.ini
[2013/07/31 01:44:36 | 000,000,408 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\CamLayout.ini
[2013/07/31 01:44:36 | 000,000,096 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\Camdata.ini
[2013/07/27 22:04:00 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/07/27 22:03:59 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/07/27 22:03:59 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/07/27 22:03:59 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/07/27 22:03:59 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/07/27 22:03:59 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/07/27 21:06:49 | 000,004,509 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\CamStudio.cfg
[2013/07/27 00:38:57 | 000,488,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/26 20:43:05 | 000,002,204 | ---- | M] () -- C:\Users\Heidi\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk SketchBook Express 2011 sp2.lnk
[2013/07/26 20:43:04 | 000,002,180 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk SketchBook Express 2011 sp2.lnk
[2013/07/26 20:15:05 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk
[2013/07/26 20:13:44 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_wachidrouter_01009.Wdf
[2013/07/18 21:32:45 | 000,001,262 | ---- | M] () -- C:\Users\Heidi\Desktop\Music Manager.lnk
[2013/07/18 20:48:53 | 000,001,039 | ---- | M] () -- C:\Users\Heidi\Desktop\Dropbox.lnk
[2013/07/18 20:44:25 | 000,001,049 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/07/18 20:11:12 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\N360\1404000.028\VT20130115.021
[2013/07/18 19:41:01 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[1 C:\Users\Heidi\Documents\*.tmp files -> C:\Users\Heidi\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/07 14:57:32 | 000,031,448 | ---- | C] () -- C:\Users\Heidi\Documents\icon_assessment.gif
[2013/07/27 00:57:28 | 000,004,509 | ---- | C] () -- C:\Users\Heidi\AppData\Roaming\CamStudio.cfg
[2013/07/27 00:57:28 | 000,000,408 | ---- | C] () -- C:\Users\Heidi\AppData\Roaming\CamShapes.ini
[2013/07/27 00:57:28 | 000,000,408 | ---- | C] () -- C:\Users\Heidi\AppData\Roaming\CamLayout.ini
[2013/07/27 00:57:28 | 000,000,096 | ---- | C] () -- C:\Users\Heidi\AppData\Roaming\Camdata.ini
[2013/07/26 20:43:04 | 000,002,204 | ---- | C] () -- C:\Users\Heidi\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk SketchBook Express 2011 sp2.lnk
[2013/07/26 20:43:04 | 000,002,180 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk SketchBook Express 2011 sp2.lnk
[2013/07/26 20:15:05 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk
[2013/07/26 20:13:44 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_wachidrouter_01009.Wdf
[2013/07/18 21:32:45 | 000,001,262 | ---- | C] () -- C:\Users\Heidi\Desktop\Music Manager.lnk
[2013/07/18 20:48:52 | 000,001,039 | ---- | C] () -- C:\Users\Heidi\Desktop\Dropbox.lnk
[2013/07/18 20:44:25 | 000,001,049 | ---- | C] () -- C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/17 20:50:18 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dat
[2013/03/22 13:57:44 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2013/03/05 23:15:08 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe

========== ZeroAccess Check ==========

[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 22:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 15:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's get at it, shall we? :)

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {320E18FF-18B2-4546-B043-A1A94DA6F12D}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3298573
IE - HKCU\..\SearchScopes\{320E18FF-18B2-4546-B043-A1A94DA6F12D}: "URL" = http://search.condui...8992411559&UM=2
FF - prefs.js..CT3298573.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "MixiDJ V37 Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "MixiDJ V37 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&CUI=UN33014512592351123&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "MixiDJ V37 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource=61&CUI=UN33014512592351123&UM=2&UP=SPB37A1FB7-17E2-4C95-BE5E-A9EAAD9057AD"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN33014512592351123&UM=2&q="
[2013/08/08 18:13:03 | 000,000,000 | ---D | M] (MixiDJ V37) -- C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\qvgfg9ie.default\extensions\{eef3855c-fc2d-41e6-8d91-d368f51b3055}
[2013/08/08 18:13:03 | 000,000,997 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\qvgfg9ie.default\searchplugins\conduit.xml
O4 - HKCU..\Run: [ConduitFloatingPlugin_mfchmfgdaabgdjbcaophikcobddojjoe] C:\Program Files\Conduit\CT3298573\plugins\TBVerifier.dll (Conduit Ltd.)
[2013/08/08 18:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\Wajam
[2013/08/08 18:13:48 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Local\Conduit
[2013/08/08 18:13:31 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Local\CRE
[2013/08/08 18:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Junkware Removal Tool to your desktop.
  • Right-click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system.
  • Please be patient, as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


#4
hboyce

    Member

  • Topic Starter
  • 15 posts
OTL logfile created on: 8/15/2013 1:57:11 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Heidi\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 60.58% Memory free
5.99 Gb Paging File | 4.81 Gb Available in Paging File | 80.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.89 Gb Total Space | 179.55 Gb Free Space | 80.92% Space Free | Partition Type: NTFS
Drive D: | 7.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HEIDI-PC | User Name: Heidi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/15 11:55:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Heidi\Desktop\OTL.exe
PRC - [2013/07/24 18:49:49 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/07/12 18:02:23 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/06/20 17:52:00 | 007,345,664 | ---- | M] (Google Inc.) -- C:\Users\Heidi\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2013/06/05 11:28:40 | 027,370,808 | ---- | M] (Dropbox, Inc.) -- C:\Users\Heidi\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/20 22:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/02/21 19:48:08 | 000,393,216 | ---- | M] (Box, Inc.) -- C:\Program Files\Box Sync\BoxSyncHelper.exe
PRC - [2013/02/21 19:48:06 | 007,969,792 | ---- | M] (Box, Inc.) -- C:\Program Files\Box Sync\BoxSync.exe
PRC - [2013/01/08 08:59:20 | 000,228,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2012/12/11 13:07:00 | 004,066,688 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
PRC - [2012/12/11 13:07:00 | 000,528,256 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
PRC - [2012/12/11 13:06:58 | 007,222,144 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
PRC - [2012/12/11 13:06:58 | 001,639,808 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
PRC - [2012/11/29 20:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/22 20:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/01 10:24:48 | 000,058,480 | ---- | M] (Screencast-O-Matic) -- C:\Users\Heidi\AppData\Local\Screencast-O-Matic\Screencast-O-Matic.exe
PRC - [2012/10/16 03:39:00 | 000,646,744 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe
PRC - [2012/10/15 15:37:42 | 000,525,240 | ---- | M] (NDS Technologies) -- C:\Users\Heidi\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
PRC - [2012/10/15 15:37:38 | 006,442,920 | ---- | M] () -- C:\Users\Heidi\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
PRC - [2012/10/08 16:15:50 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Pen\WacomHost.exe
PRC - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
PRC - [2012/01/20 22:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011/05/27 12:06:16 | 001,138,783 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/12 01:49:44 | 000,944,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
PRC - [2010/11/20 15:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/15 13:55:08 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed8578ec73e1c037f8227244f131aa5c\System.Windows.Forms.ni.dll
MOD - [2013/08/15 13:54:53 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 13:54:25 | 002,515,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\a66a651bdb8819723d389121c6f3856b\System.Data.SqlXml.ni.dll
MOD - [2013/08/15 13:54:25 | 000,687,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\e11b90dab2940e7e3f1c0d4d0148a374\System.Security.ni.dll
MOD - [2013/08/15 13:54:22 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 13:54:18 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/08/15 13:54:17 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/27 22:27:06 | 000,053,248 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Screencast-O-Matic\SOMTrayNative-1.0.dll
MOD - [2013/07/26 19:53:44 | 000,089,600 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Screencast-O-Matic\SOMNative-2.17.3.dll
MOD - [2013/07/24 18:49:46 | 000,396,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll
MOD - [2013/07/24 18:49:44 | 004,052,944 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
MOD - [2013/07/24 18:48:51 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll
MOD - [2013/07/21 16:48:15 | 002,052,096 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/07/21 16:48:15 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/07/11 07:46:09 | 000,387,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Python.Runtime\12ddb26b53f64d66c5a54adb03877b60\Python.Runtime.ni.dll
MOD - [2013/07/11 07:42:25 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll
MOD - [2013/07/11 07:41:52 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/06/20 17:41:50 | 000,344,064 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2013/06/20 17:41:28 | 000,231,936 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2013/06/20 17:40:36 | 000,253,440 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2013/06/20 17:40:00 | 000,117,248 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2013/04/19 16:55:06 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2013/03/13 14:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/01/10 14:01:44 | 000,026,624 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013/01/10 14:01:26 | 010,683,392 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013/01/10 14:01:24 | 001,681,408 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013/01/10 14:01:22 | 007,741,952 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013/01/10 14:01:20 | 002,248,192 | ---- | M] () -- C:\Users\Heidi\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2013/01/03 18:12:30 | 000,721,920 | ---- | M] () -- C:\Program Files\Box Sync\_ssl.pyd
MOD - [2013/01/03 18:12:30 | 000,686,592 | ---- | M] () -- C:\Program Files\Box Sync\unicodedata.pyd
MOD - [2013/01/03 18:12:30 | 000,337,920 | ---- | M] () -- C:\Program Files\Box Sync\sqlite3.dll
MOD - [2013/01/03 18:12:30 | 000,285,184 | ---- | M] () -- C:\Program Files\Box Sync\_hashlib.pyd
MOD - [2013/01/03 18:12:30 | 000,111,616 | ---- | M] () -- C:\Program Files\Box Sync\win32file.pyd
MOD - [2013/01/03 18:12:30 | 000,110,080 | ---- | M] () -- C:\Program Files\Box Sync\pywintypes27.dll
MOD - [2013/01/03 18:12:30 | 000,108,544 | ---- | M] () -- C:\Program Files\Box Sync\win32security.pyd
MOD - [2013/01/03 18:12:30 | 000,103,424 | ---- | M] () -- C:\Program Files\Box Sync\pyexpat.pyd
MOD - [2013/01/03 18:12:30 | 000,098,816 | ---- | M] () -- C:\Program Files\Box Sync\win32api.pyd
MOD - [2013/01/03 18:12:30 | 000,074,240 | ---- | M] () -- C:\Program Files\Box Sync\_ctypes.pyd
MOD - [2013/01/03 18:12:30 | 000,070,656 | ---- | M] () -- C:\Program Files\Box Sync\_elementtree.pyd
MOD - [2013/01/03 18:12:30 | 000,041,984 | ---- | M] () -- C:\Program Files\Box Sync\_sqlite3.pyd
MOD - [2013/01/03 18:12:30 | 000,040,960 | ---- | M] () -- C:\Program Files\Box Sync\_socket.pyd
MOD - [2013/01/03 18:12:30 | 000,029,184 | ---- | M] () -- C:\Program Files\Box Sync\_testcapi.pyd
MOD - [2013/01/03 18:12:30 | 000,008,192 | ---- | M] () -- C:\Program Files\Box Sync\_win32sysloader.pyd
MOD - [2012/12/11 23:32:26 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/12/11 13:07:00 | 000,963,456 | ---- | M] () -- C:\Program Files\Tablet\Pen\libxml2.dll
MOD - [2012/11/13 17:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/10/16 03:39:00 | 000,646,744 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe
MOD - [2012/10/15 15:39:00 | 000,091,536 | ---- | M] () -- C:\Users\Heidi\AppData\Local\DIRECTV Player\z.dll
MOD - [2012/10/15 15:38:54 | 000,273,824 | ---- | M] () -- C:\Users\Heidi\AppData\Local\DIRECTV Player\ndsLogStore.dll
MOD - [2012/10/15 15:38:52 | 001,402,784 | ---- | M] () -- C:\Users\Heidi\AppData\Local\DIRECTV Player\libxml2-2.dll
MOD - [2012/10/15 15:38:34 | 000,688,560 | ---- | M] () -- C:\Users\Heidi\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
MOD - [2012/10/15 15:37:54 | 007,123,880 | ---- | M] () -- C:\Users\Heidi\AppData\Local\DIRECTV Player\gsttspplugin.dll
MOD - [2012/10/15 15:37:38 | 006,442,920 | ---- | M] () -- C:\Users\Heidi\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
MOD - [2012/10/15 15:37:32 | 002,203,048 | ---- | M] () -- C:\Users\Heidi\AppData\Local\DIRECTV Player\DrmSingleton.dll
MOD - [2012/10/05 04:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/10/05 04:53:24 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/10/05 04:53:23 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
MOD - [2012/10/05 04:53:23 | 000,188,416 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
MOD - [2012/05/30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Security Suite\Engine\20.4.0.40\wincfi39.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/20 15:29:11 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/20 15:29:03 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/06/10 15:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


========== Services (SafeList) ==========

SRV - [2013/06/11 15:13:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/26 22:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/20 22:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/05/11 16:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/07 01:08:08 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/12/11 13:07:00 | 000,528,256 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2009/07/13 19:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - [2013/08/11 20:12:13 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130814.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/08/11 20:12:13 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130814.008\NAVENG.SYS -- (NAVENG)
DRV - [2013/07/16 10:32:26 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/07/01 03:41:42 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/06/28 14:55:24 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130813.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/06/20 22:05:02 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/06/04 09:15:02 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/06/04 09:15:02 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/05/22 23:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\symefa.sys -- (SymEFA)
DRV - [2013/05/20 23:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\symds.sys -- (SymDS)
DRV - [2013/05/15 23:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013/04/24 18:43:56 | 000,339,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\symnets.sys -- (SymNetS)
DRV - [2013/04/15 20:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\ccsetx86.sys -- (ccSet_N360)
DRV - [2013/03/06 01:33:04 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/03/04 19:21:36 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2012/12/03 16:36:34 | 000,070,048 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wachidrouter.sys -- (WacHidRouter)
DRV - [2012/12/03 16:36:32 | 000,011,680 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2012/11/15 09:41:06 | 000,013,728 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV - [2012/07/27 21:05:22 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\ironx86.sys -- (SymIRON)
DRV - [2011/06/15 12:25:10 | 001,037,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV - [2011/05/27 12:06:16 | 000,441,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/11/20 15:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 15:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 15:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 15:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 15:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 15:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 15:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 15:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 15:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 9B DA 37 38 1A CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {320E18FF-18B2-4546-B043-A1A94DA6F12D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...t=kwd&qsrc=2869
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT3298573.browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Users\Heidi\AppData\Local\DIRECTV Player\npPCShowPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Heidi\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Heidi\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Heidi\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\Heidi\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/08/15 13:56:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/08/12 07:03:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/08/12 07:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heidi\AppData\Roaming\Mozilla\Extensions
[2013/08/15 13:54:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heidi\AppData\Roaming\Mozilla\Firefox\Profiles\qvgfg9ie.default\extensions
[2013/06/16 21:08:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/16 21:08:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - Extension: QR Creator = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaephdgbinagkeepamlbkhkfbiaedabm\1.5_0\
CHR - Extension: Super TextTwist = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\adhfmfognpljllafogopofkmjfhhjblo\1.0.0.0_0\
CHR - Extension: Duolingo = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl\1.0.10_0\
CHR - Extension: Google Docs = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: DictaNote - Speech Recognizer = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk\6_0\
CHR - Extension: Google Drive = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: James White = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\
CHR - Extension: YouTube = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: Google Search = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Box - 5 GB Free Storage = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl\1.1.6_0\
CHR - Extension: VoiceNote - speech to text. = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfknjgplnkgjihghcidajejfmldhibfm\2.4.22_0\
CHR - Extension: Google Play Music = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.2_0\
CHR - Extension: World of Solitaire = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn\1.0.1_0\
CHR - Extension: Norton Identity Protection = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: Gmail = C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/15 13:51:09 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BoxSyncHelper] C:\Program Files\Box Sync\BoxSyncHelper.exe (Box, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [MusicManager] C:\Users\Heidi\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [PCShowServer] C:\Users\Heidi\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe (NDS Technologies)
O4 - HKCU..\Run: [Screencast-O-Matic Tray] C:\Users\Heidi\AppData\Local\Screencast-O-Matic\Screencast-O-Matic.exe (Screencast-O-Matic)
O4 - Startup: C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Heidi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.2.cab (DLM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B0851EF-09D4-4DCE-AD65-11C264044355}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/04/11 18:21:22 | 000,000,055 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0d9e6d48-8623-11e2-9b9a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0d9e6d48-8623-11e2-9b9a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Install.exe -- [2011/05/06 12:46:12 | 000,519,144 | R--- | M] (Adobe Systems, Inc.)
O33 - MountPoints2\{7ff4dbab-9266-11e2-8ea2-e73b72a2ead3}\Shell - "" = AutoRun
O33 - MountPoints2\{7ff4dbab-9266-11e2-8ea2-e73b72a2ead3}\Shell\AutoRun\command - "" = F:\VZW_Software_upgrade_assistant.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/15 13:50:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/15 11:55:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Heidi\Desktop\OTL.exe
[2013/08/10 00:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/08/10 00:15:53 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Local\Apple
[2013/08/10 00:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/08/09 23:52:53 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\NCH Software
[2013/08/09 23:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2013/08/09 23:52:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2013/08/09 23:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2013/08/09 23:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2013/08/08 22:43:13 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\CUDA
[2013/08/08 22:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\Free CUDA Video Converter 6
[2013/07/31 09:36:23 | 000,000,000 | ---D | C] -- C:\Users\Heidi\Documents\Westminster
[2013/07/27 22:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/07/27 00:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio 2.7
[2013/07/26 23:53:00 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\Corel
[2013/07/26 21:06:12 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\Autodesk
[2013/07/26 20:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2013/07/26 20:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2013/07/26 20:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\Nik Software
[2013/07/26 20:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Alias
[2013/07/26 20:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2013/07/26 20:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2013/07/26 20:41:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2013/07/26 20:17:05 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\wacomid-desktop-launcher
[2013/07/26 20:17:03 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2013/07/26 20:15:13 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\Wacom
[2013/07/26 20:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Wacom
[2013/07/26 20:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo Dock
[2013/07/26 20:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bamboo Dock
[2013/07/26 20:13:59 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\WTablet
[2013/07/26 20:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2013/07/26 20:13:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom
[2013/07/26 20:13:45 | 000,013,728 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacomrouterfilter.sys
[2013/07/26 20:13:07 | 000,070,048 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wachidrouter.sys
[2013/07/26 20:13:07 | 000,011,680 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\System32\drivers\hidkmdf.sys
[2013/07/26 20:12:59 | 001,628,544 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.dll
[2013/07/26 20:12:59 | 001,621,888 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Touch_Tablet.dll
[2013/07/26 20:12:59 | 001,509,760 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wintab32.dll
[2013/07/26 20:12:59 | 001,505,664 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\WacomMT.dll
[2013/07/26 20:12:56 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2013/07/26 19:53:28 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screencast-O-Matic
[2013/07/26 19:53:23 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Local\Screencast-O-Matic
[2013/07/19 00:50:44 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
[2013/07/18 20:48:52 | 000,000,000 | R--D | C] -- C:\Users\Heidi\Dropbox
[2013/07/18 20:43:48 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013/07/18 20:42:00 | 000,000,000 | ---D | C] -- C:\Users\Heidi\AppData\Roaming\Dropbox
[1 C:\Users\Heidi\Documents\*.tmp files -> C:\Users\Heidi\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/15 14:00:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2911786537-350070541-2178550685-1000UA.job
[2013/08/15 13:57:09 | 000,022,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/15 13:57:09 | 000,022,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/15 13:53:49 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/15 13:53:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/15 13:53:11 | 2410,733,568 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/15 13:53:08 | 001,410,271 | ---- | M] () -- C:\Windows\System32\drivers\N360\1404000.028\Cat.DB
[2013/08/15 13:51:09 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/08/15 13:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/15 13:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/15 11:56:57 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/15 11:56:57 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/15 11:55:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Heidi\Desktop\OTL.exe
[2013/08/15 11:52:15 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2911786537-350070541-2178550685-1000Core.job
[2013/08/07 14:57:33 | 000,031,448 | ---- | M] () -- C:\Users\Heidi\Documents\icon_assessment.gif
[2013/07/31 14:10:55 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/31 01:44:36 | 000,000,408 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\CamShapes.ini
[2013/07/31 01:44:36 | 000,000,408 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\CamLayout.ini
[2013/07/31 01:44:36 | 000,000,096 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\Camdata.ini
[2013/07/27 21:06:49 | 000,004,509 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\CamStudio.cfg
[2013/07/27 00:38:57 | 000,488,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/26 20:43:05 | 000,002,204 | ---- | M] () -- C:\Users\Heidi\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk SketchBook Express 2011 sp2.lnk
[2013/07/26 20:43:04 | 000,002,180 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk SketchBook Express 2011 sp2.lnk
[2013/07/26 20:15:05 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk
[2013/07/26 20:13:44 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_wachidrouter_01009.Wdf
[2013/07/18 21:32:45 | 000,001,262 | ---- | M] () -- C:\Users\Heidi\Desktop\Music Manager.lnk
[2013/07/18 20:48:53 | 000,001,039 | ---- | M] () -- C:\Users\Heidi\Desktop\Dropbox.lnk
[2013/07/18 20:44:25 | 000,001,049 | ---- | M] () -- C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/07/18 20:11:12 | 000,014,818 | ---- | M] () -- C:\Windows\System32\drivers\N360\1404000.028\VT20130115.021
[1 C:\Users\Heidi\Documents\*.tmp files -> C:\Users\Heidi\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/07 14:57:32 | 000,031,448 | ---- | C] () -- C:\Users\Heidi\Documents\icon_assessment.gif
[2013/07/27 00:57:28 | 000,004,509 | ---- | C] () -- C:\Users\Heidi\AppData\Roaming\CamStudio.cfg
[2013/07/27 00:57:28 | 000,000,408 | ---- | C] () -- C:\Users\Heidi\AppData\Roaming\CamShapes.ini
[2013/07/27 00:57:28 | 000,000,408 | ---- | C] () -- C:\Users\Heidi\AppData\Roaming\CamLayout.ini
[2013/07/27 00:57:28 | 000,000,096 | ---- | C] () -- C:\Users\Heidi\AppData\Roaming\Camdata.ini
[2013/07/26 20:43:04 | 000,002,204 | ---- | C] () -- C:\Users\Heidi\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk SketchBook Express 2011 sp2.lnk
[2013/07/26 20:43:04 | 000,002,180 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk SketchBook Express 2011 sp2.lnk
[2013/07/26 20:15:05 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Bamboo Dock.lnk
[2013/07/26 20:13:44 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_wachidrouter_01009.Wdf
[2013/07/18 21:32:45 | 000,001,262 | ---- | C] () -- C:\Users\Heidi\Desktop\Music Manager.lnk
[2013/07/18 20:48:52 | 000,001,039 | ---- | C] () -- C:\Users\Heidi\Desktop\Dropbox.lnk
[2013/07/18 20:44:25 | 000,001,049 | ---- | C] () -- C:\Users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/17 20:50:18 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dat
[2013/03/22 13:57:44 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2013/03/05 23:15:08 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe

========== ZeroAccess Check ==========

[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 22:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 15:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/07/26 21:06:12 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\Autodesk
[2013/06/16 20:55:01 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\Box Desktop
[2013/06/16 20:55:11 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\Box Sync
[2013/06/20 14:41:30 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/07/11 01:49:03 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\com.prezi.PreziDesktop
[2013/08/08 22:43:13 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\CUDA
[2013/08/15 13:55:50 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\Dropbox
[2013/03/06 16:03:17 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\Synaptics
[2013/07/26 20:15:13 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\Wacom
[2013/07/26 20:17:05 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\wacomid-desktop-launcher
[2013/07/26 20:17:03 | 000,000,000 | ---D | M] -- C:\Users\Heidi\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1

========== Purity Check ==========



< End of report >
  • 0

#5
hboyce

hboyce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.6 (08.15.2013:1)
OS: Windows 7 Professional x86
Ran by Heidi on Thu 08/15/2013 at 14:08:53.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3298573
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Heidi\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Heidi\appdata\locallow\pricegong"



~~~ FireFox

Successfully deleted the following from C:\Users\Heidi\AppData\Roaming\mozilla\firefox\profiles\qvgfg9ie.default\prefs.js

user_pref("CT3298573.smartbar.homepage", "true");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("smartbar.addressBarOwnerCTID", "CT3298573");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298573&CUI=UN33014512592351123&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3298573&oct
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN33014512592351123&UM=2&q=");
user_pref("smartbar.defaultSearchOwnerCTID", "CT3298573");
user_pref("smartbar.homePageOwnerCTID", "CT3298573");
user_pref("smartbar.machineId", "KDXPZJPLISM4W/VIE//DGVQNTNZ3VZQDLKIWWDIDCHWKD6KGQYCXPCXKIZASC5CDMAVVHVTNPILR0HHUDH0QHQ");
user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3298573&CUI=UN33014512592351123&UM=2&SearchSource=13");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/15/2013 at 14:12:30.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0
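The Firefox section of the JRT log above lists the preferences it stripped from prefs.js. As an added example (not part of the original thread and not JRT's own code), here is a read-only check that flags the same kind of entries in a prefs.js file. The rule set is an assumption derived only from the names and the search.conduit.com URLs visible in that log, and the sample input is constructed.

```python
import re

# Constructed sample modelled on the prefs.js entries in the JRT log above.
# The homepage, update and search-engine lines are made up for contrast.
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("app.update.enabled", true);
user_pref("browser.startup.homepage", "http://search.conduit.com/?ctid=CT3298573&SearchSource=13");
user_pref("CT3298573.smartbar.homepage", "true");
user_pref("smartbar.defaultSearchOwnerCTID", "CT3298573");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298573&oct
user_pref("browser.search.defaultenginename", "Google");
'''

# No closing ');' is required, so lines cut short (as one is in the log) still parse.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)$')
# Assumed rules: preference names seen in the JRT log (smartbar.*, CT<digits>.*).
KEY_RULES = [
    (re.compile(r'(^|\.)smartbar\.', re.I), "smartbar key"),
    (re.compile(r'^CT\d+\.'), "toolbar-id key"),
]
# Accept both http(s) and the defanged hxxp(s) form that JRT prints.
URL_HOST_RE = re.compile(r'h(?:tt|xx)ps?://([^/"\s:?]+)', re.I)
SUSPECT_HOSTS = ("search.conduit.com",)

def find_hijack_prefs(text):
    """Return (line number, pref name, reasons) for each suspicious entry."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = PREF_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        reasons = [label for rx, label in KEY_RULES if rx.search(key)]
        hosts = {h.lower() for h in URL_HOST_RE.findall(value)}
        # Exact host or a subdomain only, so look-alike hosts are not flagged.
        if any(h == s or h.endswith("." + s) for h in hosts for s in SUSPECT_HOSTS):
            reasons.append("conduit URL in value")
        if reasons and not value.rstrip().endswith(");"):
            reasons.append("truncated line")
        if reasons:
            findings.append((lineno, key, reasons))
    return findings

if __name__ == "__main__":
    for lineno, key, reasons in find_hijack_prefs(SAMPLE_PREFS):
        print(f"line {lineno}: {key} -> {', '.join(reasons)}")
```

Run it against a copy of prefs.js taken while Firefox is closed; it only reports and changes nothing.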

#6
hboyce

hboyce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I wanted to ask if I need to keep my Norton products disabled while troubleshooting.
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No need for that, as Norton should not interfere. How is the computer behaving now?
  • 0

#8
hboyce

hboyce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Internet Explorer does not automatically open to the mixi.dj ... however it still comes up as my third tab in Chrome.
  • 0

#9
hboyce

hboyce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I have to leave for a bit - school shopping - I'll proceed with any further ideas you may have as soon as I return. Thank you! :)
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, for Chrome there are two ways to do this:

First, reset to default; details are here

Second, to reset just the third tab:

Open a new tab, and then on the mixdj Search page, there should be a link on the top right hand side, Restore default new tab.
Uncheck the Show djmix Search checkbox, click OK

Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.

  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


The log can also be found here:

Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
----------
  • 0



#11
hboyce

hboyce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.16.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Heidi :: HEIDI-PC [administrator]

8/16/2013 10:50:28 AM
mbam-log-2013-08-16 (10-50-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205300
Time elapsed: 7 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#12
hboyce

hboyce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I was wondering ... do you have any advice on protecting cell phones from viruses?
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is it an Android phone or Windows?


How is the computer behaving now?
  • 0

#14
hboyce

hboyce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
It is much better! Thanks! Was the mixi.dj a real problem or just an annoyance?

My phone is an Android.
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It was an annoyance that took over search and ate some of your bandwidth

I have an Android phone and use Avast for antivirus and anti-theft

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Delete JRT from the desktop

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disk Cleanup and select run as administrator
When it pops up, select OK at the first prompt; after it has done some calculations the tabs will appear
Select More Options tab
Press System Restore and Shadow Copies Cleanup button

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:
  • 0





