Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware infested Windows 7 computer [Solved]


  • This topic is locked This topic is locked

#16
rpjaway

rpjaway

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Hi Joe.

Thanks for agreeing to continue looking at my laptop issue, despite the fact it's been 2 months since my last post. I did not complete the process with you, and hence, the computer has regressed and become rittled with malware again. As requested via PM, I am enclosing a newly generated OTL logs (from the newest version of OTL).

Thanks for your continued help! You're clearly a professional who takes his job seriously!

Please see next posts for OTL logs

Sincerely,
Ray
  • 0

Advertisements


#17
rpjaway

rpjaway

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
OTL logfile created on: 1/11/2014 11:00:17 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 24.79% Memory free
5.85 Gb Paging File | 3.06 Gb Available in Paging File | 52.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 107.81 Gb Free Space | 72.38% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/11 22:31:23 | 000,097,048 | ---- | M] () -- C:\Program Files (x86)\GreyGray\updateGreyGray.exe
PRC - [2014/01/11 21:58:16 | 000,097,048 | ---- | M] () -- C:\Program Files (x86)\GreyGray\bin\utilGreyGray.exe
PRC - [2014/01/11 21:57:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2014/01/11 21:53:08 | 003,507,200 | ---- | M] () -- C:\Users\User\AppData\Local\Lollipop\lollipop_01120253.exe
PRC - [2013/12/03 21:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/11/22 06:25:33 | 000,747,712 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/05 11:51:14 | 000,686,744 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2006/12/23 17:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 17:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/11 21:53:08 | 003,507,200 | ---- | M] () -- C:\Users\User\AppData\Local\Lollipop\lollipop_01120253.exe
MOD - [2013/12/03 21:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 21:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/03 21:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 21:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 21:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 21:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/11/22 06:25:33 | 000,747,712 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/09/05 11:51:14 | 000,686,744 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/09/06 12:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/08 16:40:34 | 003,386,608 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2013/02/08 16:40:08 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2013/02/08 16:39:48 | 000,621,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2013/02/08 16:39:14 | 000,149,744 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/03/23 23:07:58 | 001,039,776 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2010/03/23 23:07:58 | 000,031,136 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2014/01/11 22:31:23 | 000,097,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GreyGray\updateGreyGray.exe -- (Update GreyGray)
SRV - [2014/01/11 21:58:16 | 000,097,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GreyGray\bin\utilGreyGray.exe -- (Util GreyGray)
SRV - [2013/12/13 23:11:38 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/07/24 10:02:55 | 000,034,816 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2013/03/04 07:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2013/02/05 10:00:26 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2013/02/01 16:28:08 | 012,312,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/05/23 09:22:54 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/23 05:12:56 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/07/15 20:31:22 | 000,022,128 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/06/21 12:07:24 | 000,304,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/04/05 22:37:42 | 000,301,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2010/02/26 15:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/03 16:40:44 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/04 13:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?r...CA&dcc=CA&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2D 12 CC 0C 87 02 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{A696FF12-263D-459E-8BA5-61A6B65AFDAE}: "URL" = http://search.yahoo....petb&type=10741
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\AmiExt\flashEnhancer\ff [2013/12/04 18:03:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha783\ff [2013/12/21 22:11:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ff [2014/01/11 21:53:26 | 000,000,000 | ---D | M]

[2013/12/17 22:17:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2014/01/11 21:53:26 | 000,000,000 | ---D | M] (Video Player) -- C:\PROGRAM FILES (X86)\VIDEOPLAYERV3\VIDEOPLAYERV3BETA205\FF
[2013/12/21 22:11:55 | 000,000,000 | ---D | M] (Webexp Enhanced) -- C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA783\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: flash-Enhancer = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej\2.1_0\
CHR - Extension: Video Player = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iacpddlljnoajgoegknocfeoniaimlod\1.1_0\
CHR - Extension: Webexp Enhanced = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhobldlmbofkafkjclcalepnfapgegbj\1.1_0\
CHR - Extension: GreyGray = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhogbcndagiknbfomjgdeghehkljalhi\1.0.0_0\
CHR - Extension: Google Wallet = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Widget context = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp\3.0_0\

O1 HOSTS File: ([2013/11/22 00:02:27 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Webexp Enhanced) - {360c5d65-e69f-4827-87df-38d4ddd598bd} - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha783\ie\WebexpEnhancedV1alpha783.dll ()
O2 - BHO: (Video Player) - {596b3524-2b00-4a71-84d5-b35a6d83785a} - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta205\ie\VideoPlayerV3beta205.dll ()
O2 - BHO: (flash-Enhancer) - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files (x86)\AmiExt\flashEnhancer\ie\AmiBho.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (GreyGray) - {ae60e6ed-49dd-4099-8b5e-386a4908d5d5} - C:\Program Files (x86)\GreyGray\GreyGrayBHO.dll (GreyGray)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CFDA71C4-9631-40D5-A319-24749188FB41} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms ()
O4 - HKCU..\Run: [lollipop_01120253] c:\users\user\appdata\local\lollipop\lollipop_01120253.exe ()
O4 - HKCU..\Run: [NextLive] C:\Users\User\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42A67D53-978A-4EAD-9DC8-C6D9FF3672A4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87D8D90F-A1D1-4780-9468-93D4526CBC90}: DhcpNameServer = 206.248.154.22 206.248.154.170 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCA34FEB-9FD9-4134-9F50-9BBFAEBE609C}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/11 21:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoPlayerV3
[2014/01/11 21:52:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
[2013/12/21 22:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebexpEnhancedV1
[2013/12/17 22:17:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Mozilla
[2013/12/13 22:45:12 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013/12/13 22:45:11 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013/12/13 22:45:10 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/12/13 22:45:09 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/12/13 22:41:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/12/13 22:41:53 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/13 22:41:52 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/13 22:41:52 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/13 22:41:52 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/13 22:41:52 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/13 22:41:52 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/13 22:41:51 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/12/13 22:41:51 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/12/13 22:41:51 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/12/13 22:41:50 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/12/13 22:41:50 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/12/13 22:41:50 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/12/13 22:41:47 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/13 22:41:47 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/13 22:41:44 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/11 22:35:02 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2014/01/11 22:30:51 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/11 22:11:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/11 21:57:55 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/11 21:57:52 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/11 21:54:15 | 000,000,170 | ---- | M] () -- C:\extensions.ini
[2014/01/11 21:52:19 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/11 21:51:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/11 21:51:49 | 2357,608,448 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/16 21:20:12 | 000,743,352 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/16 21:20:12 | 000,636,630 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/16 21:20:12 | 000,110,746 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/15 20:58:56 | 000,416,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/13 23:11:34 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/13 23:11:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/21 22:12:43 | 000,000,170 | ---- | C] () -- C:\extensions.ini
[2013/11/22 23:52:30 | 013,913,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2013/06/06 14:12:40 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/12/29 20:09:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft
[2013/11/24 12:07:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\My Games
[2014/01/11 21:52:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\newnext.me

========== Purity Check ==========



< End of report >
  • 0

#18
rpjaway

rpjaway

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
OTL Extras logfile created on: 1/11/2014 11:00:17 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 24.79% Memory free
5.85 Gb Paging File | 3.06 Gb Available in Paging File | 52.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 107.81 Gb Free Space | 72.38% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{67E2C999-182C-4D23-A9B0-B35D4CFA0BAE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10162255-67BE-47B5-B793-FB57EFEF736E}" = protocol=6 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"{254B7D94-4A0C-41EB-BA28-6F5C3C97A69B}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{3B702AB9-928C-41A4-B98D-322792F53E0A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8AE36B39-4398-4C0B-A2D7-E002224912FB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{98F0F4ED-3082-4953-BC49-6B36865FC61C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BED7807D-3E11-4629-BDD3-435E75650AE3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{F604C9D3-1802-4CAB-93E7-595BCC735FCF}" = protocol=17 | dir=in | app=c:\program files (x86)\firaxis games\sid meier's civilization 4\civilization4.exe |
"TCP Query User{35B6FC52-DEC5-4E17-8C56-B54A25CFE2D0}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{F6F7F0BE-2E68-46AE-8A6F-2F5DE4C0AB41}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{2D0DF5A0-4470-46E1-9ECD-068E4CEE2C40}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{D0AD9190-01C1-4ABC-80B1-F4ABB19146BC}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7C6CD9B4-B230-4E76-80AA-FB465FF4DE29}" = Intel® PROSet/Wireless WiFi Software Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E80AF23-17B4-4611-B28E-68A114B23488}" = Dell ControlVault Host Components Installer 64Bit
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{DEF50764-F1A7-4DD4-B8BA-C81A4807631A}" = Intel® PROSet/Wireless WiFi Software
"{E01EEE45-7768-4984-BDB2-76F5C5A823BE}" = Dell Custom Help
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"GreyGray" = GreyGray 2013.11.07.204235
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"PROSet" = Intel® Network Connections Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAB93551-3FFE-42B2-8315-96252BBC1033}" = Nero 7 Essentials
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{fae8de85-97ab-4053-a8bb-03bfc86ac533}" = Intel® PROSet/Wireless Software
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Cisco Connect" = Cisco Connect
"flash-Enhancer" = flash-Enhancer
"Google Chrome" = Google Chrome
"Lightspark" = Lightspark 0.5.3-git
"Mobogenie" = Mobogenie
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Video Player" = Video Player
"VirtualCloneDrive" = VirtualCloneDrive
"Webexp Enhanced" = Webexp Enhanced
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"lollipop_01120253" = Lollipop
"UnityWebPlayer" = Unity Web Player
"Word Layers" = Word Layers

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/24/2013 12:10:02 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/24/2013 10:25:29 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/25/2013 4:07:03 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/25/2013 10:09:01 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/26/2013 5:14:43 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/26/2013 6:39:30 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ZeroConfigService.exe, version: 15.6.0.0,
time stamp: 0x5115a519 Faulting module name: MurocApi.dll, version: 15.6.0.0, time
stamp: 0x5115a44c Exception code: 0xc0000005 Fault offset: 0x0000000000026990 Faulting
process id: 0xa64 Faulting application start time: 0x01cf028b4de733d2 Faulting application
path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe Faulting module path:
C:\Program Files\Intel\WiFi\bin\MurocApi.dll Report Id: 94d8faa4-6e7e-11e3-8e5c-0026b9ea8deb

Error - 12/26/2013 6:39:41 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/27/2013 7:10:10 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/29/2013 3:11:11 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/11/2014 10:52:32 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 12/13/2013 11:44:57 PM | Computer Name = User-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.163.1563.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10100.0

Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 12/14/2013 12:21:45 AM | Computer Name = User-PC | Source = DCOM | ID = 10010
Description =

Error - 12/15/2013 9:56:22 PM | Computer Name = User-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:22:14 PM on ?12/?13/?2013 was unexpected.

Error - 12/15/2013 10:23:39 PM | Computer Name = User-PC | Source = DCOM | ID = 10010
Description =

Error - 12/15/2013 10:23:44 PM | Computer Name = User-PC | Source = DCOM | ID = 10010
Description =

Error - 12/26/2013 6:15:16 PM | Computer Name = User-PC | Source = DCOM | ID = 10005
Description =

Error - 12/26/2013 6:15:16 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7038
Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%1352 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 12/26/2013 6:15:16 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following
error: %%1069

Error - 12/26/2013 6:40:17 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless Zero Configuration Service service terminated
unexpectedly. It has done this 1 time(s).

Error - 12/29/2013 3:11:53 PM | Computer Name = User-PC | Source = DCOM | ID = 10010
Description =


< End of report >
  • 0

#19
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hi rpjaway,

You're welcome,

I need time to look things over. In the mean time I need from you,


Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

Next

Posted Image Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

Next

Download Security Check by screen317 from http://screen317.spy...curityCheck.exe or http://screen317.cha...curityCheck.exe
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Please post the following logs in your next reply:

  • AdwCleaner[S0].txt
  • checkup.txt
  • JRT.txt

Thanks
Joe :)

Edited by zep516, 11 January 2014 - 10:29 PM.

  • 0

#20
rpjaway

rpjaway

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
# AdwCleaner v3.016 - Report created 12/01/2014 at 00:16:55
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Users\User\AppData\Local\lollipop
Folder Deleted : C:\Users\User\AppData\Local\Mobogenie
Folder Deleted : C:\Users\User\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\User\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\User\AppData\Local\WhiteListing
Folder Deleted : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\User\Documents\Mobogenie
File Deleted : C:\Users\User\Desktop\Mobogenie.lnk
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [lollipop_01120253]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKCU\Software\lollipop
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4567 octets] - [22/11/2013 19:37:25]
AdwCleaner[R1].txt - [935 octets] - [23/11/2013 00:23:12]
AdwCleaner[R2].txt - [3114 octets] - [11/01/2014 23:45:15]
AdwCleaner[S0].txt - [4707 octets] - [22/11/2013 19:38:30]
AdwCleaner[S1].txt - [999 octets] - [23/11/2013 00:24:07]
AdwCleaner[S2].txt - [3061 octets] - [12/01/2014 00:16:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3121 octets] ##########
  • 0

#21
rpjaway

rpjaway

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Results of screen317's Security Check version 0.99.78
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 45
Adobe Reader XI
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
  • 0

#22
rpjaway

rpjaway

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on Sun 01/12/2014 at 17:48:24.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/12/2014 at 17:54:02.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#23
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Ok.

Thanks for the log reports. I'll get back to you with an OTL Fix, but not tonite.

Microsoft Security Essentials
(On Access scanning disabled!)

Make sure that is running, you may have had it stopped when you ran Junkware removal tool.

How is the computer running, what issues remain?

Thanks
Joe :)
  • 0

#24
rpjaway

rpjaway

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Hi Joe.

The computer has an infuriating number of ads popping up everywhere when using both IE and Chrome.

Other behavior which is probably ok:
- "Dell System Detect" has a popup saying that there is an app update.
- "Microsoft Security Essentials" reported Adware:win32/BetterSurf, so I allowed it to be deleted....then I ran a quick scan, followed by a full scan (it found the BetterSurf again, and I deleted it again). rebooted and did a quick scan again: no threats found.

even after the above, the browser is still riddled with malware and popups.
  • 0

#25
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
OK.

Thanks for the up date, I need that kind of information to better go through the OTL Log and that's what I'm doing now. I'll have a fix for you Tomorrow and we will go from there. I have some items in the fix that the other scanners did not address and hopefully that takes care of it.

Don't try and remove anything or run anymore scanners.

Thank you for your patience,

Joe
  • 0

Advertisements


#26
rpjaway

rpjaway

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

OK.

Thanks for the up date, I need that kind of information to better go through the OTL Log and that's what I'm doing now. I'll have a fix for you Tomorrow and we will go from there. I have some items in the fix that the other scanners did not address and hopefully that takes care of it.

Don't try and remove anything or run anymore scanners.

Thank you for your patience,

Joe


Thanks very much, Joe. Appreciate your help.
  • 0

#27
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello rpjaway

First
Lets remove all of those programs listed below if found. Some of them may not be found
==> Click > Start > Control Panel > Programs & Features

  • Mobogenie
  • Webexp Enhanced
  • Lollipop
  • Word Layers
  • GreyGray 2013.11.07.204235
  • McAfee Security Scan Plus

We need to do a fix using OTL

  • Double click on the Posted Image to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    [2013/12/21 22:11:55 | 000,000,000 | ---D | M] (Webexp Enhanced) -- C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA783\FF
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha783\ff [2013/12/21 22:11:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\AmiExt\flashEnhancer\ff [2013/12/04 18:03:11 | 000,000,000 | ---D | M]
    [2013/12/21 22:11:55 | 000,000,000 | ---D | M] (Webexp Enhanced) -- C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA783\FF
    O2 - BHO: (Webexp Enhanced) - {360c5d65-e69f-4827-87df-38d4ddd598bd} - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha783\ie\WebexpEnhancedV1alpha783.dll ()
    O2 - BHO: (flash-Enhancer) - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files (x86)\AmiExt\flashEnhancer\ie\AmiBho.dll ()
    O2 - BHO: (GreyGray) - {ae60e6ed-49dd-4099-8b5e-386a4908d5d5} - C:\Program Files (x86)\GreyGray\GreyGrayBHO.dll (GreyGray)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CFDA71C4-9631-40D5-A319-24749188FB41} - No CLSID value found.
    O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()
    O4 - HKCU..\Run: [lollipop_01120253] c:\users\user\appdata\local\lollipop\lollipop_01120253.exe ()
    O4 - HKCU..\Run: [NextLive] C:\Users\User\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
    [2014/01/11 21:52:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
    [2013/12/21 22:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebexpEnhancedV1
    [2014/01/11 22:35:02 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
    [2014/01/11 21:52:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\newnext.me 
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [emptytemp]
    
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.

In your next reply please post;

  • OTL Fix Log Located here--> C:\_OTL\Moved Files
  • OTL.txt after quick scan.

Tell me how things are now

Thanks
Joe :)
  • 0

#28
rpjaway

rpjaway

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Hi Joe.

Thanks for your reply. Here's my results:

1. Uninstalling programs:

lollipop: Says it may have already been uninstalled and would I like to simply delete it from the programs group. OK
word layers: uninstalled
webexp: Says it may have already been uninstalled and would I like to simply delete it from the programs group. OK
Mobogenie: not listed in programs group
GreyGray 2013.11.07.204235: uninstalled OK
McAfee Security Scan Plus: uninstalled OK


2. OLT

A) I cut & pasted your script into OLT but accidentally clicked RUN SCAN. So, I included the log file from that (see next post)
B) Next, I clicked RUN FIX. log file included below
C) Next, clicked QUICK SCAN. log file included below.

3. Results: I tried using IE and Chrome for a 5 mins each. Chrome is still affected with some malware (but less than before). IE seems malware-free now! The system is definitely getting better.

Thanks!!
-Ray
  • 0

#29
rpjaway

rpjaway

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
All processes killed
========== COMMANDS ==========
========== OTL ==========
Folder C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA783\FF\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] not found.
File C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha783\ff not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\defaults\preferences folder moved successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\defaults folder moved successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\locale folder moved successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\utils folder moved successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\icons\default folder moved successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\icons folder moved successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content\core folder moved successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome\content folder moved successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff\chrome folder moved successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ff folder moved successfully.
Folder C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA783\FF\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{360c5d65-e69f-4827-87df-38d4ddd598bd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{360c5d65-e69f-4827-87df-38d4ddd598bd}\ not found.
File C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha783\ie\WebexpEnhancedV1alpha783.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A60B6BB-FA81-4EFA-AB9C-A820E2143736}\ deleted successfully.
C:\Program Files (x86)\AmiExt\flashEnhancer\ie\AmiBho.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ae60e6ed-49dd-4099-8b5e-386a4908d5d5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae60e6ed-49dd-4099-8b5e-386a4908d5d5}\ not found.
File C:\Program Files (x86)\GreyGray\GreyGrayBHO.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CFDA71C4-9631-40D5-A319-24749188FB41} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFDA71C4-9631-40D5-A319-24749188FB41}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon not found.
File C:\Program Files (x86)\Mobogenie\DaemonProcess.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\lollipop_01120253 not found.
File c:\users\user\appdata\local\lollipop\lollipop_01120253.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive not found.
C:\Users\User\AppData\Roaming\newnext.me\nengine.dll moved successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop folder moved successfully.
C:\Program Files (x86)\WebexpEnhancedV1 folder moved successfully.
File C:\Windows\tasks\AmiUpdXp.job not found.
C:\Users\User\AppData\Roaming\newnext.me\cache folder moved successfully.
C:\Users\User\AppData\Roaming\newnext.me folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\User\Downloads\cmd.bat deleted successfully.
C:\Users\User\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: User
->Temp folder emptied: 24668968 bytes
->Temporary Internet Files folder emptied: 11181500 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 425578820 bytes
->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11638738 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36734 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 451.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01152014_193838

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#30
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hi rpjaway,

That's the fix log you posted and it removed a lot of bad things :)

Post a fresh OTL Log.

Tell me what exactly is going on with Chrome?

Thanks
Joe :)

Edited by zep516, 15 January 2014 - 09:26 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP