
Spyware [Solved]


#1 heyage13
Member, 132 posts

I have noticed over the past few days that certain words are highlighted as links on random webpages. If I put my mouse over the link, a pic will populate with a link to searchfog.com. As well, certain links on webpages I regularly visit have all of a sudden stopped working. I need to right-click on the link and click "open link in new tab" for it to open.

Here is my OTL scan report:

OTL logfile created on: 21/11/2013 12:13:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Room PC\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 34.24% Memory free
6.50 Gb Paging File | 3.73 Gb Available in Paging File | 57.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 585.60 Gb Free Space | 62.87% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 660.03 Gb Free Space | 35.43% Space Free | Partition Type: NTFS

Computer Name: ROOMPC-PC | User Name: Room PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/21 12:12:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Room PC\Downloads\OTL.exe
PRC - [2013/11/14 06:29:33 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/10/23 03:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/10/23 02:19:06 | 000,932,640 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/10/23 02:19:05 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/10/17 20:35:59 | 014,650,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
PRC - [2013/10/17 20:35:01 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/10/17 20:34:28 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/08/01 19:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 15:42:22 | 000,316,360 | ---- | M] (Azureus Software, Inc) -- C:\Program Files\Vuze\Azureus.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/02 15:37:08 | 001,668,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
PRC - [2012/11/02 15:37:08 | 001,093,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
PRC - [2012/05/18 00:23:36 | 002,938,880 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/14 18:10:30 | 000,153,672 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2008/05/19 16:21:38 | 030,138,368 | ---- | M] ( ) -- C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/14 06:29:31 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 06:29:30 | 013,582,800 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
MOD - [2013/11/14 06:29:29 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 06:28:37 | 000,702,416 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 06:28:36 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 06:28:34 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/12/14 15:42:22 | 000,077,768 | ---- | M] () -- C:\Program Files\Vuze\plugins\azitunes\jacob-1.17-M2-x86.dll
MOD - [2012/12/14 15:42:22 | 000,053,160 | ---- | M] () -- C:\Program Files\Vuze\aereg.dll
MOD - [2012/12/14 15:42:22 | 000,019,368 | ---- | M] () -- C:\Program Files\Vuze\plugins\azitunes\libProcessAccess.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/10/23 03:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/10/17 20:35:59 | 014,650,144 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV - [2013/10/17 20:34:28 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/10/09 17:34:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/10 21:17:40 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/05/18 00:23:36 | 002,938,880 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008/04/16 14:53:02 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\jswpsapi.exe -- (jswpsapi)


========== Driver Services (SafeList) ==========

DRV - [2013/10/23 05:24:25 | 010,410,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/09/27 18:01:42 | 000,033,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvvad32v.sys -- (nvvad_WaveExtensible)
DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/08/25 18:36:27 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/06/16 07:38:15 | 000,161,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2013/04/17 01:56:20 | 000,018,704 | ---- | M] (Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\diginet.sys -- (DigiNet)
DRV - [2012/12/05 16:23:32 | 000,073,544 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2012/11/02 15:37:10 | 000,064,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012/05/16 10:13:14 | 000,093,336 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2012/04/09 16:27:34 | 000,299,024 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)
DRV - [2012/03/26 14:50:12 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2012/02/09 01:06:40 | 000,112,096 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011/07/13 12:39:10 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV - [2011/07/13 12:39:10 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/27 18:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010/04/27 18:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010/04/27 18:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010/04/27 16:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/10/13 02:16:02 | 000,049,152 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2009/07/13 17:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)
DRV - [2008/04/28 15:59:20 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/02/20 14:47:44 | 000,765,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 B3 05 D9 13 07 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{73B7AEE8-A5C4-4C2C-BA6E-46AF924E7732}: "URL" = http://search.condui...3528011703&UM=2
IE - HKCU\..\SearchScopes\{F09C50BD-091D-4F59-B47C-8E406CB5D05D}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Room PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Room PC\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/02/21 15:45:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/02/21 15:45:49 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Citrix ICA Client (Enabled) = C:\Program Files\Citrix\ICA Client\npicaN.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Disabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Disabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Dark Vibe = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj\1.1_0\
CHR - Extension: Personal Trainer = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmgohkgndpahjklgpdihieeedjeneoke\1.7_0\
CHR - Extension: Planner 5D = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna\1.2.0.4_0\
CHR - Extension: Google Wallet = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Pop Art Studio Online = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\oompiimecpnflklhlnmdpddcjdmiibkf\1.0.0.0_0\
CHR - Extension: Psykopaint = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: Psykopaint = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak
CHR - Extension: Weather Underground = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\
CHR - Extension: World Clocks = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjgoijhajhaahklokegbfnohialajpej\5.0_0\
CHR - Extension: Gmail = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [ShadowPlay] C:\Windows\System32\nvspcap.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.204 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ABE211A-EB13-4D5B-BAE4-4B9C78D45C27}: DhcpNameServer = 64.71.255.204 64.71.255.198
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Program Files\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/20 17:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure
[2013/11/20 17:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegCure
[2013/11/20 17:57:56 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2013/11/16 13:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Saints Row IV
[2013/11/16 13:25:43 | 000,000,000 | ---D | C] -- C:\Users\Room PC\AppData\Roaming\NVIDIA
[2013/11/16 13:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2013/11/14 17:36:26 | 000,000,000 | ---D | C] -- C:\Users\Room PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/11/13 23:52:02 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/11/13 23:52:01 | 002,877,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/11/13 23:52:00 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/11/13 23:52:00 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/11/13 23:52:00 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/11/13 23:51:59 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/11/13 23:51:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/11/13 23:51:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/13 23:51:59 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/11/13 23:51:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/11/13 17:28:20 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/11/13 17:28:20 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2013/11/13 17:28:14 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/11/13 17:28:14 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2013/11/13 17:28:12 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2013/11/13 17:28:12 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013/11/03 23:23:54 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2013/11/03 23:22:46 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco32.dll
[2013/11/03 23:22:46 | 000,161,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2013/11/03 23:22:46 | 000,028,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2013/11/03 23:22:45 | 001,049,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3233165.dll
[2013/11/03 23:22:45 | 000,893,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3233165.dll
[2013/11/03 23:22:44 | 022,933,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013/11/03 23:22:44 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013/11/03 23:22:44 | 015,855,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2013/11/03 23:22:44 | 015,212,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2013/11/03 23:22:44 | 010,410,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013/11/03 23:22:44 | 009,524,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013/11/03 23:22:44 | 009,480,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013/11/03 23:22:44 | 002,946,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013/11/03 23:22:44 | 002,747,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013/11/03 23:22:44 | 002,695,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2013/11/03 23:22:44 | 001,241,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvumdshim.dll
[2013/11/03 23:22:44 | 000,599,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2013/11/03 23:22:44 | 000,560,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2013/11/03 23:22:44 | 000,266,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll
[2013/11/03 23:22:44 | 000,141,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll
[2013/10/30 23:03:18 | 000,955,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvspcap.dll
[2013/10/30 23:02:31 | 000,033,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvvad32v.sys
[2013/10/30 22:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemRequirementsLab
[2013/10/30 22:53:01 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2013/10/30 22:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/30 22:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/10/30 22:52:05 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/10/30 22:51:59 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/10/30 22:51:59 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/10/30 22:51:59 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/10/30 22:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/30 22:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/10/23 20:27:59 | 000,000,000 | ---D | C] -- C:\Users\Room PC\Desktop\Sints Row IV
[2013/10/23 03:02:36 | 000,589,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe
[2010/12/22 11:26:24 | 487,666,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Room PC\AppData\Roaming\AcrobatPro_10_Web_WWEFD.exe

========== Files - Modified Within 30 Days ==========

[2013/11/21 12:11:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/21 11:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/21 11:22:02 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RegCure.job
[2013/11/21 11:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/21 03:00:58 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/20 18:58:55 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/20 18:58:55 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/20 18:55:54 | 000,668,572 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/20 18:55:54 | 000,129,116 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/20 18:51:42 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2013/11/20 18:51:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/20 18:51:30 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/20 17:57:57 | 000,000,949 | ---- | M] () -- C:\Users\Public\Desktop\RegCure.lnk
[2013/11/19 05:21:30 | 000,230,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/10/23 05:24:25 | 022,933,792 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013/10/23 05:24:25 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013/10/23 05:24:25 | 015,855,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2013/10/23 05:24:25 | 015,212,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2013/10/23 05:24:25 | 010,410,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013/10/23 05:24:25 | 009,524,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013/10/23 05:24:25 | 009,480,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013/10/23 05:24:25 | 002,946,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013/10/23 05:24:25 | 002,747,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013/10/23 05:24:25 | 002,695,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2013/10/23 05:24:25 | 001,241,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvumdshim.dll
[2013/10/23 05:24:25 | 001,049,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3233165.dll
[2013/10/23 05:24:25 | 000,893,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3233165.dll
[2013/10/23 05:24:25 | 000,599,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2013/10/23 05:24:25 | 000,560,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2013/10/23 05:24:25 | 000,266,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll
[2013/10/23 05:24:25 | 000,141,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll
[2013/10/23 05:24:25 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2013/10/23 05:24:25 | 000,018,174 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2013/10/23 03:02:36 | 000,589,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe
[2013/10/23 02:19:05 | 004,318,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2013/10/23 02:19:05 | 003,036,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2013/10/23 02:19:03 | 000,062,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2013/10/23 02:19:02 | 000,209,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2013/10/23 02:19:01 | 003,426,956 | ---- | M] () -- C:\Windows\System32\nvcoproc.bin
[2013/10/22 16:45:44 | 000,000,827 | ---- | M] () -- C:\Users\Room PC\.swfinfo

========== Files Created - No Company Name ==========

[2013/11/20 17:58:00 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\RegCure Program Check.job
[2013/11/20 17:57:59 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\RegCure.job
[2013/11/20 17:57:57 | 000,000,949 | ---- | C] () -- C:\Users\Public\Desktop\RegCure.lnk
[2013/11/03 23:22:44 | 000,018,174 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2013/08/29 22:15:26 | 000,000,827 | ---- | C] () -- C:\Users\Room PC\.swfinfo
[2013/07/29 18:03:06 | 003,426,956 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2013/06/12 15:58:38 | 000,039,904 | ---- | C] () -- C:\Windows\System32\DiscHandler.exe
[2013/06/08 06:54:10 | 003,915,776 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2013/06/08 06:53:06 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013/06/08 06:52:30 | 000,271,360 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2013/06/08 06:52:12 | 000,157,184 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2013/06/08 06:52:10 | 000,147,456 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2013/06/08 06:52:10 | 000,099,840 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2013/06/08 06:52:08 | 001,525,760 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2013/06/08 06:52:08 | 000,211,968 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2013/06/08 06:52:08 | 000,114,688 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2013/06/08 06:52:06 | 000,136,704 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2013/05/20 10:43:32 | 000,446,128 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2013/05/20 10:43:32 | 000,280,624 | ---- | C] () -- C:\Windows\System32\avutil-lav-52.dll
[2013/05/20 10:43:32 | 000,190,640 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2013/05/20 10:43:32 | 000,172,216 | ---- | C] () -- C:\Windows\System32\avresample-lav-1.dll
[2013/05/20 10:43:30 | 007,856,976 | ---- | C] () -- C:\Windows\System32\avcodec-lav-55.dll
[2013/05/20 10:43:30 | 001,315,240 | ---- | C] () -- C:\Windows\System32\avformat-lav-55.dll
[2013/05/20 10:43:30 | 000,202,344 | ---- | C] () -- C:\Windows\System32\avfilter-lav-3.dll
[2013/05/19 14:54:44 | 000,000,884 | RHS- | C] () -- C:\Users\Room PC\ntuser.pol
[2013/04/02 15:56:38 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2013/04/02 15:56:23 | 000,078,848 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2013/02/21 15:42:30 | 000,221,508 | ---- | C] () -- C:\Windows\hpoins19.dat
[2013/02/21 15:42:30 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2013/02/10 19:23:04 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/09/29 17:47:28 | 000,000,178 | ---- | C] () -- C:\Windows\System32\Formats.ini
[2012/05/16 10:14:32 | 000,021,144 | ---- | C] () -- C:\Windows\System32\drivers\iLokDrvr.sys
[2011/12/07 14:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 1274 bytes -> C:\Users\Room PC\AppData\Local\hlNOzQBG4Fy:GL7YNdagGV3f82Zay
@Alternate Data Stream - 1130 bytes -> C:\ProgramData\Microsoft:gGVnulIJ9ou1XR7jWnvK1
@Alternate Data Stream - 1089 bytes -> C:\ProgramData\Microsoft:iBgekwaqtnFFok2wSqT

< End of report >
#2
crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts
Hi heyage13, and welcome to GeekstoGo!

I'm crooleeck and I'll try to help you. But first, please note that I'm not limitless: I'm not familiar with all software, and I don't know everything. However, it has taken me years to learn what I know. I would be glad to help you.

The fight against malware is NOT instantaneous; most infections require several courses of action to completely eradicate. It's also time-consuming, so be patient! We all like to know the final result, so if you have since resolved the issues you were originally experiencing, or have received help elsewhere, please post.

Note:
  • Please watch this topic
  • Do exactly - step by step - what I wish for. Don't be afraid! If there's anything you don't understand, stop and ask!
  • Please don't run unsupervised tools or fix on your own without my direction - it can be dangerous
  • You must reply within 3 days or your topic will be closed

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue.

Step 1:
  • Download aswMBR to your desktop.
  • Double click the aswMBR.exe to run it.
  • Agree to update.
  • Click the Scan button to start scan.
  • On completion of the scan, click Save log, save it to your desktop, and post it in your next reply

Step 2:
Please navigate to C:\Users\Room PC\Downloads\Extras.txt and post the content.

#3
heyage13

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
Thanks for the help, much appreciated. I'll follow the instructions to a T!

Here's the log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-21 13:12:49
-----------------------------
13:12:49.108 OS Version: Windows 6.1.7601 Service Pack 1
13:12:49.108 Number of processors: 2 586 0xF0B
13:12:49.109 ComputerName: ROOMPC-PC UserName: Room PC
13:12:51.024 Initialize success
13:15:58.855 AVAST engine defs: 13112100
13:16:14.380 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:16:14.382 Disk 0 Vendor: ST3160812AS 3.AAH Size: 152627MB BusType: 3
13:16:14.384 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
13:16:14.386 Disk 1 Vendor: WDC_WD1001FALS-00E8B0 05.00K05 Size: 953869MB BusType: 3
13:16:14.650 Disk 1 MBR read successfully
13:16:14.652 Disk 1 MBR scan
13:16:14.658 Disk 1 Windows 7 default MBR code
13:16:14.667 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:16:14.706 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 953766 MB offset 206848
13:16:14.758 Disk 1 scanning sectors +1953519616
13:16:14.837 Disk 1 scanning C:\Windows\system32\drivers
13:16:29.842 Service scanning
13:16:43.046 Service MpKsl8736f27d C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9D46509E-FB7D-427E-B616-9BC0B1392B29}\MpKsl8736f27d.sys **LOCKED** 32
13:17:03.292 Modules scanning
13:17:12.187 Disk 1 trace - called modules:
13:17:12.207 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
13:17:12.211 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86773030]
13:17:12.216 3 CLASSPNP.SYS[8c45d59e] -> nt!IofCallDriver -> [0x862b6918]
13:17:12.220 5 ACPI.sys[8bca23d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x86698030]
13:17:14.501 AVAST engine scan C:\Windows
13:17:18.976 AVAST engine scan C:\Windows\system32
13:21:02.973 AVAST engine scan C:\Windows\system32\drivers
13:21:22.122 AVAST engine scan C:\Users\Room PC
13:34:34.487 File: C:\Users\Room PC\Downloads\video-media-download_setup.exe **INFECTED** Win32:Adware-AZL [Adw]
13:34:41.252 AVAST engine scan C:\ProgramData
13:42:02.931 Scan finished successfully
13:45:09.431 Disk 1 MBR has been saved successfully to "C:\Users\Room PC\Desktop\MBR.dat"
13:45:09.482 The log file has been saved successfully to "C:\Users\Room PC\Desktop\aswMBR.txt"
Extras log:

OTL Extras logfile created on: 21/11/2013 12:13:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Room PC\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 34.24% Memory free
6.50 Gb Paging File | 3.73 Gb Available in Paging File | 57.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 585.60 Gb Free Space | 62.87% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 660.03 Gb Free Space | 35.43% Space Free | Partition Type: NTFS

Computer Name: ROOMPC-PC | User Name: Room PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05D31DD6-C782-4AA2-A3F1-C92026A5D90E}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{0F32583E-B219-485A-BB35-B9521C786578}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1313D4DB-2339-4193-B1B8-0DF38067879B}" = lport=138 | protocol=17 | dir=in | app=system |
"{16EC06C2-09AB-4D8E-9DAF-F9572397EEA4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{17FBB8EA-83B2-47D0-8A87-ADE4E1622DA9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{271B2012-16A8-4A89-B4FA-41976D3415A6}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{32F3EA5E-CE5E-4CC0-BE35-D8C5FA8E8F1A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{35AF4BF3-FFF4-439E-8222-904AB708F5C7}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{39863180-DD3D-408B-B869-1EBCC3EC5A40}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{4FD27B5C-DBE0-4F17-8121-CF49CC97D51C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5B37A1F6-AE0F-4DCE-B402-FC6838BF54D5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5C35CE29-428E-4DFA-B448-EA02426DA30C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{71D6ACD0-2924-4ACF-B161-E5734B9A4BE9}" = rport=138 | protocol=17 | dir=out | app=system |
"{7FDFB02A-1576-409D-9FE9-6BC56F602EF2}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{8A35814D-BEA4-47CB-A38D-CAEB0949D3FE}" = lport=139 | protocol=6 | dir=in | app=system |
"{9B123E9E-93AD-4504-AA18-5A4DFBEBD5C1}" = rport=137 | protocol=17 | dir=out | app=system |
"{9BAAFECF-0648-44D5-A39F-0C7581B7D9A1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9C1F8F5F-AE76-4D81-B559-E5C451A77CF1}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{9E13C5CD-CDEE-4B2A-AA5A-F1990A5631D6}" = lport=445 | protocol=6 | dir=in | app=system |
"{9F6CE961-5EBE-4ECD-A1C8-7FA707CBF28E}" = rport=445 | protocol=6 | dir=out | app=system |
"{A19BCC02-3E61-4B26-BFAF-325A0169BDF4}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{AEB9D45F-74AF-419C-98D5-74A575F6D084}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B5A6048E-722F-4F22-9ABE-4245F4C02192}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C7B650C7-83D5-48A5-848B-1FD6BFFB3949}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C811C0A1-4297-42B5-B49E-F8EB25E3640A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D194507F-0F3E-468B-994C-42DA8AD735E9}" = lport=137 | protocol=17 | dir=in | app=system |
"{D3387475-CFAF-496F-BE26-4CBAF09DD638}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E2DF7915-95F6-4A7A-89B4-5727BF141591}" = rport=139 | protocol=6 | dir=out | app=system |
"{E71E3C58-C081-4A5B-8906-B63063B2D34F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E7891DF2-CAD9-4BF3-A843-EA2C11C8AF10}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F10A2BA4-D25E-4F11-8A51-A935EA1ADFCC}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{FECFA02B-A3CD-4E69-BD9C-08755207AA72}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009E7475-5D65-4684-844A-FACABABF52C6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{01C91770-64FD-48D4-AABB-4EC5194D874D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{03873CA9-18C7-4E42-AAA1-E15F07E686EA}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{06524577-F02E-4696-850E-9099DCC07566}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{1059C607-D634-4132-973F-B03A25FBBF9C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{1AE67AEC-26D7-44A3-A69F-853AEDE0C801}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{20BFE068-510C-4591-8615-4E027CFC8DE0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{20C9B9F7-D9F4-4497-8BB0-44128A9816B6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{21F39A6D-7248-48DE-80E6-E2DA48093014}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{28A628A9-A42E-4678-92EF-A9E8B28EA29E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{28D37A5F-30B7-45FA-8A3D-38F093D293B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31454BE9-D6E7-4C78-B262-007562F1F6B8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{39B49AB4-1ABB-46A5-8AE7-E13618EEB918}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{3A26A9E3-2CE3-41CE-9F31-C68EF5C4E812}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{402CCD0D-9CF9-455C-948C-F3E00102F53C}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{45FA642B-DB47-437B-9D6C-0CB91282A40B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{46080B52-694D-49CF-80CD-EB06EF5D8D9F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{4D83F567-E903-430E-914F-B5D73AFA2446}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{5217BFE7-3F16-4CB8-92D8-CB28A5A3A510}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{580C8412-87ED-4C97-956B-8957279DECA1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{5AA137BF-9D46-4CFB-8A00-70168FC8AF9D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5BF2EDFD-527B-4A92-B957-9C80C12598B7}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{66DC1935-6F25-494D-8A5F-13BA4778F412}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{68B26485-5BE9-4F63-A77E-A6129ABE66FD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{68C552A1-9D4B-4AAF-BCEA-0B43BBB0B1D4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{6975986D-963C-4E7A-B756-5566ABB61EFE}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{7DE37E8A-64FB-4BFA-85F0-6191CFF884C3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{80C8DB9C-1C7F-4896-BD79-19FF1934F810}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{824D4CB4-41BE-4C82-B079-93E042FF9749}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{840ABFCB-5515-48D9-B1DC-48AE4A5A4FEB}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{8995E5D5-DD41-4946-9E8C-7BEA099BB3B4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{8B3F9376-5145-4008-871F-EB598C4F5B1B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F84DADA-F72C-4A73-91AA-661B6DB63F61}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{91DD9058-6B13-4A93-BE57-2D7753C41BEE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A87BBD88-FB49-4FD9-8CCB-97FD42A5C9BA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A970D1C8-5045-498C-A672-30EC20147DA0}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{AA7CE2CB-1233-476C-BA11-574A762C5DC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AEDC42DA-3E28-48DA-9149-F252D4A75E2F}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{AF693FEA-6694-46AC-AAD4-737EF734AB00}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{AFD3B691-3385-450D-AE94-D95033FEF8D4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{C14AE8B5-0F12-42A5-8AD9-FB00E0E0DA76}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{C32D85A3-D949-499E-BF24-08DD28889845}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C68C159B-0FE5-4BF5-98AC-2B4E5334FCD8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{C74FDF70-DECB-4692-ACA1-529117147E78}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CA2948D4-45C5-4262-9414-0AB1105604EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CAB067CA-ABE0-4D51-8B3B-3B57C12319E0}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{D3BD1289-BA1F-4FC3-A815-534A98B88583}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{D7DA1567-97E6-44EE-BED6-469CDF1396C4}" = protocol=6 | dir=out | app=system |
"{DA24F51F-2A9F-4C15-BA59-706D20EE215F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{E1036DDC-56F3-4473-AD41-D8E99D80BDA9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{E4C0E75D-540D-48F9-A607-A3DE35F18697}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{E7583101-7B9F-4566-A6BC-CCCB64BA9938}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{EC53FD61-0F48-42A7-8EF4-6F118AE19976}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{F7244589-B4AF-4668-BC21-80C1E3E72CFF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"TCP Query User{008CB72B-C882-48AE-A5A1-419B68F82537}C:\program files\aliens colonial marines\binaries\win32\acm.exe" = protocol=6 | dir=in | app=c:\program files\aliens colonial marines\binaries\win32\acm.exe |
"TCP Query User{39BF7426-FC1C-4195-85AA-A8D4F85D625B}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{3CDB5D82-DA0E-4B8F-B65D-1B85D68C13CF}C:\program files\avid\pro tools\protools.exe" = protocol=6 | dir=in | app=c:\program files\avid\pro tools\protools.exe |
"TCP Query User{83593763-FB29-486C-8984-1EF31017DD1D}E:\saints row iv\saintsrowiv.exe" = protocol=6 | dir=in | app=e:\saints row iv\saintsrowiv.exe |
"TCP Query User{895C2F37-734B-44BB-AE0D-51DD65B96ABE}C:\users\room pc\desktop\new folder\tworuntimestandalone.exe" = protocol=6 | dir=in | app=c:\users\room pc\desktop\new folder\tworuntimestandalone.exe |
"TCP Query User{AB35405F-235F-4F31-8DF9-2A50C29F5187}C:\program files\saints row iv\saintsrowiv.exe" = protocol=6 | dir=in | app=c:\program files\saints row iv\saintsrowiv.exe |
"TCP Query User{B4409DDB-3B63-4DDA-8EB9-2827923A3C41}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
"TCP Query User{C1F50CA2-12A9-4589-B458-C0EA52834C0B}C:\program files\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files\xbmc\xbmc.exe |
"TCP Query User{C7742C76-6A68-434B-8EE9-54ADD318DDDB}C:\program files\xbmc\xbmc.exe" = protocol=6 | dir=in | app=c:\program files\xbmc\xbmc.exe |
"TCP Query User{E4DB9794-C0B1-4B6A-A138-1AB2A6DBB156}C:\users\room pc\desktop\new folder\twolauncher.exe" = protocol=6 | dir=in | app=c:\users\room pc\desktop\new folder\twolauncher.exe |
"UDP Query User{0EC22951-D71F-43FA-973D-0F34B059E122}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |
"UDP Query User{1243CFDA-FD1A-42F5-83C4-8451B051881D}E:\saints row iv\saintsrowiv.exe" = protocol=17 | dir=in | app=e:\saints row iv\saintsrowiv.exe |
"UDP Query User{217AC167-6B60-475A-9331-4BD848511E1E}C:\program files\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files\xbmc\xbmc.exe |
"UDP Query User{4AA14680-D9FA-44E8-8DE9-A2FA5A395AF9}C:\program files\avid\pro tools\protools.exe" = protocol=17 | dir=in | app=c:\program files\avid\pro tools\protools.exe |
"UDP Query User{5E6DB52A-14F6-45A5-801E-7CAB3C4913A7}C:\program files\aliens colonial marines\binaries\win32\acm.exe" = protocol=17 | dir=in | app=c:\program files\aliens colonial marines\binaries\win32\acm.exe |
"UDP Query User{90156B64-EC4B-49C4-A702-93A5FC4138A0}C:\users\room pc\desktop\new folder\twolauncher.exe" = protocol=17 | dir=in | app=c:\users\room pc\desktop\new folder\twolauncher.exe |
"UDP Query User{B751EA9A-4FA5-4A36-976D-D9CD653B6C16}C:\users\room pc\desktop\new folder\tworuntimestandalone.exe" = protocol=17 | dir=in | app=c:\users\room pc\desktop\new folder\tworuntimestandalone.exe |
"UDP Query User{F4E5408D-E934-4575-9AB9-7241ED732464}C:\program files\xbmc\xbmc.exe" = protocol=17 | dir=in | app=c:\program files\xbmc\xbmc.exe |
"UDP Query User{FE2EDC26-E815-48DE-B630-FA5AD0D89DCF}C:\program files\saints row iv\saintsrowiv.exe" = protocol=17 | dir=in | app=c:\program files\saints row iv\saintsrowiv.exe |
"UDP Query User{FE59C9CE-99EE-4766-8E1F-D93AD369E9B6}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C898E1-38A7-49B1-9398-49E40636E2C5}" = Avid HD Driver (x86)
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{0E8DC723-F1CD-424A-96CC-12428E7A1B4B}" = Citrix Receiver (HDX Flash Redirection)
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{17271AB7-D7EC-4a95-9861-FAFE5A4664AD}" = 6300Trb
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3068513C-3AAC-410B-BAE7-C7837FFF8DEB}" = Citrix Receiver(USB)
"{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{60D32CDC-E3BE-4578-BA10-29322307CDDC}" = Logitech Gaming Software 5.10
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}" = DWA-542
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7468ACCE-6FA8-4794-90B9-C28BD9CC79DD}" = Citrix Receiver Updater
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{7BD3DC6D-A2BE-4345-B6EE-D146193DB18F}" = Online Plug-in
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 3.2.2.4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84374A47-1DF5-4013-90D4-1288819869B1}" = Microsoft Mouse and Keyboard Center
"{8E60BB71-7EF3-42ED-9F10-AA041F25841A}" = Avid Pro Tools
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D431014-9F90-4335-A58E-8A14B0BD77F1}" = Citrix Receiver Inside
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6AC699F-8315-40CA-8F70-E917494978AB}" = VirtualDJ Home FREE
"{A86F1158-A7F7-4E8C-98E3-88F4996E85EB}" = Avid Effects
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.7
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 9.3.16
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 9.3.16
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.9
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B92051A3-3ABB-4A26-A615-2298BE7CBC28}" = Citrix Authentication Manager
"{BC39DBA4-D1B7-483C-BA0D-9EB0BB0B6DCF}" = 6300
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BDEDBDD9-C97B-4333-B7BE-6979A34F6F74}" = 6300_Help
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D29DDA9B-FE05-48F1-A9D1-F6346A0A301A}" = Citrix Receiver(DV)
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
"{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}" = iTunes
"{E3A60962-B768-4EA3-B0B6-DA671276B81A}" = Citrix Receiver(Aero)
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{EF269F8D-1DFE-4C3B-9CE9-09C5773C0CF9}" = Self-service Plug-in
"{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}" = Visual C++ Redistributables
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3FCB08B-E752-444D-86A0-0634A4F3B23D}" = System Requirements Lab CYRI
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"«Sleeping Dogs - Limited Edition»_is1" = «Sleeping Dogs - Limited Edition»
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASIO4ALL" = ASIO4ALL
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"Connect" = Connect
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}" = Visual C++ Redistributables
"Media Player - Codec Pack" = Media Player Codec Pack 4.2.8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"NMMS11" = Nero 11 Mini Repack
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PowerISO" = PowerISO
"RegCure" = RegCure
"UnderCoverXP_is1" = UnderCoverXP 1.23
"WinRAR archiver" = WinRAR 4.20 beta 1 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.8.0.0
"UnityWebPlayer" = Unity Web Player
"XBMC" = XBMC

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19/11/2013 7:14:50 PM | Computer Name = RoomPC-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Nero\KM\NMDllHost.exe.Manifest".
Dependent
Assembly OnlineServices,version="11.0.0.0" could not be found. Please use sxstrace.exe
for detailed diagnosis.

Error - 19/11/2013 7:14:55 PM | Computer Name = RoomPC-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Nero\Nero
11\nero backitup\NBVSSTool_x64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 20/11/2013 6:08:52 PM | Computer Name = RoomPC-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 20/11/2013 6:08:52 PM | Computer Name = RoomPC-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 20/11/2013 6:08:52 PM | Computer Name = RoomPC-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 20/11/2013 7:25:01 PM | Computer Name = RoomPC-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Nero\KM\NMDllHost.exe.Manifest".
Dependent
Assembly OnlineServices,version="11.0.0.0" could not be found. Please use sxstrace.exe
for detailed diagnosis.

Error - 20/11/2013 7:25:07 PM | Computer Name = RoomPC-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Nero\Nero
11\nero backitup\NBVSSTool_x64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 20/11/2013 8:05:15 PM | Computer Name = RoomPC-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 21/11/2013 1:36:06 AM | Computer Name = RoomPC-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Nero\KM\NMDllHost.exe.Manifest".
Dependent
Assembly OnlineServices,version="11.0.0.0" could not be found. Please use sxstrace.exe
for detailed diagnosis.

Error - 21/11/2013 1:36:11 AM | Computer Name = RoomPC-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Nero\Nero
11\nero backitup\NBVSSTool_x64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 22/09/2013 11:32:00 PM | Computer Name = RoomPC-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 24/09/2013 7:57:39 PM | Computer Name = RoomPC-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 02/10/2013 10:54:57 PM | Computer Name = RoomPC-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:47:23 PM on 02/10/2013 was unexpected.

Error - 08/10/2013 10:53:48 PM | Computer Name = RoomPC-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.159.1643.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9901.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 09/10/2013 6:29:17 PM | Computer Name = RoomPC-PC | Source = bowser | ID = 8003
Description =

Error - 14/10/2013 4:59:09 PM | Computer Name = RoomPC-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 14/10/2013 4:59:10 PM | Computer Name = RoomPC-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 14/10/2013 4:59:10 PM | Computer Name = RoomPC-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 14/10/2013 4:59:11 PM | Computer Name = RoomPC-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 14/10/2013 4:59:11 PM | Computer Name = RoomPC-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.


< End of report >
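A note on the firewall-rule section of the OTL log above. On Windows 7 those rules are stored as values under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules; each value is a single pipe-delimited string (Action=, Active=, Dir=, Protocol=, App=, Name=, ...), and the "TCP Query User{...}" / "UDP Query User{...}" entries are the ones created when a user clicks Allow on the Windows Firewall prompt. Several of those per-user allow rules here point at executables under the user's Desktop (c:\users\room pc\desktop\new folder\...) or directly in c:\windows rather than under Program Files, which is exactly the kind of entry worth a second look on a machine with a search hijack. The PowerShell below is an added example, not code from the thread or from OTL: it reads that key, parses each value, and lists inbound allow rules whose program sits outside the usual install directories. The list of expected roots, the function names and the three sample rule strings (constructed to match the registry format, using paths from the log above) are my own choices.

```powershell
# Added example: audit Windows Firewall rules that allow inbound traffic to
# programs outside the usual install locations. Runs on PowerShell 2.0+
# (Windows 7 SP1 as shipped) and does not need the NetSecurity module.

$FirewallRulesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'

# Directories an installed program is normally expected to live under.
# Assumption for this example: anything else (user profile, Desktop, the
# bare C:\Windows directory) deserves a second look.
$ExpectedRoots = @(
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)},
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
) | Where-Object { $_ } | ForEach-Object { $_.ToLowerInvariant().TrimEnd('\') + '\' }

function ConvertFrom-FirewallRuleString {
    # Parse one registry value such as
    #   v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\x\y.exe|Name=Y|
    # into a hashtable of its key=value fields.
    param([Parameter(Mandatory=$true)][string]$RuleString)
    $fields = @{}
    foreach ($token in $RuleString.Split('|')) {
        $eq = $token.IndexOf('=')
        if ($eq -gt 0) {
            $fields[$token.Substring(0, $eq)] = $token.Substring($eq + 1)
        }
    }
    return $fields
}

function Test-ExpectedProgramPath {
    # True when the path is under one of $ExpectedRoots (or the rule has no
    # App= field at all, i.e. it is not scoped to a program).
    param([string]$Path)
    if (-not $Path) { return $true }
    $p = [System.Environment]::ExpandEnvironmentVariables($Path).ToLowerInvariant()
    foreach ($root in $ExpectedRoots) {
        if ($p.StartsWith($root)) { return $true }
    }
    return $false
}

function Get-SuspectFirewallRules {
    # Enumerate the key and return inbound allow rules whose program lives
    # outside the expected roots. Reading HKLM needs an elevated prompt.
    param([string]$KeyPath = $FirewallRulesKey)
    $key = Get-Item -LiteralPath $KeyPath
    foreach ($name in $key.GetValueNames()) {
        $f = ConvertFrom-FirewallRuleString -RuleString ([string]$key.GetValue($name))
        if ($f['Dir'] -ne 'In' -or $f['Action'] -ne 'Allow') { continue }
        if (Test-ExpectedProgramPath -Path $f['App']) { continue }
        New-Object PSObject -Property @{
            ValueName = $name
            Name      = $f['Name']
            Protocol  = $f['Protocol']
            App       = $f['App']
            Active    = $f['Active']
        }
    }
}

# Offline demonstration on constructed strings in the registry format,
# built from paths that appear in the OTL log above.
$sample = @(
    'v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\program files\vuze\azureus.exe|Name=Vuze|',
    'v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\users\room pc\desktop\new folder\twolauncher.exe|Name=twolauncher.exe|',
    'v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\windows\kmsemulator.exe|Name=kmsemulator.exe|'
)
foreach ($s in $sample) {
    $f = ConvertFrom-FirewallRuleString -RuleString $s
    $flag = if (Test-ExpectedProgramPath -Path $f['App']) { 'ok     ' } else { 'SUSPECT' }
    '{0} {1}' -f $flag, $f['App']
}

# Live run against the real key (open PowerShell as Administrator):
# Get-SuspectFirewallRules | Format-Table Name, Protocol, App -AutoSize
```

Of the three constructed samples only the Vuze rule passes; the Desktop and bare C:\Windows paths are reported. The heuristic says nothing about whether a flagged program is malicious, only that it was allowed through the firewall from a location where installed software does not normally live; each hit still has to be judged on what the file actually is.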

#4 heyage13 (Topic Starter, Member, 132 posts)
Any other steps I can take in the meantime?

#5 crooleeck (Member, 882 posts)
Hi, I'll post instructions in the next few hours.

I've noticed that you started a new topic:
http://www.geekstogo...spywaremalware/

#6 crooleeck (Member, 882 posts)
Hi, sorry for the delay!

Step 1:
Download AdwCleaner to your desktop.
  • Run AdwCleaner and select Scan
  • When finished, hit the Log button
  • Notepad will open; please copy the content and post it in your next reply

Step 2:
OTL fix:
Please copy following script:

:commands
[createrestorepoint]

:otl
IE - HKCU\..\SearchScopes\{73B7AEE8-A5C4-4C2C-BA6E-46AF924E7732}: "URL" = http://search.condui...3528011703&UM=2
IE - HKCU\..\SearchScopes\{F09C50BD-091D-4F59-B47C-8E406CB5D05D}: "URL" = http://www.mysearchr...q={searchTerms}
@Alternate Data Stream - 1274 bytes -> C:\Users\Room PC\AppData\Local\hlNOzQBG4Fy:GL7YNdagGV3f82Zay
@Alternate Data Stream - 1130 bytes -> C:\ProgramData\Microsoft:gGVnulIJ9ou1XR7jWnvK1
@Alternate Data Stream - 1089 bytes -> C:\ProgramData\Microsoft:iBgekwaqtnFFok2wSqT
:reg

:files
C:\Users\Room PC\Downloads\video-media-download_setup.exe

:commands
[emptytemp]


Run OTL and paste it under Custom Scan/Fixes. Close all windows other than OTL and hit the Run Fix button. Please agree to the restart. After the computer starts, OTL will display the removal log; please post it.
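Two of the items in the fix script above are worth knowing how to re-check by hand: the HKCU SearchScopes entries (the IE search providers that were pointing at third-party search sites) and the three NTFS alternate data streams (ADS). Note that two of those streams are attached to C:\ProgramData\Microsoft, which is a directory, not a file; a stream on a directory or file does not show up in Explorer or in a plain dir listing, so nothing looks out of place until a tool enumerates streams explicitly. The PowerShell below is an added example and not part of the thread or of OTL: it lists every non-default stream under a directory tree (including streams on the directories themselves) and prints each IE search scope with its URL so a hijacked provider can be spotted. It requires PowerShell 3.0 or later for the -Stream parameter (Windows 7 SP1 ships with 2.0; Windows Management Framework 3.0 or later adds it). Skipping Zone.Identifier by default, the function names and the example roots are my own choices.

```powershell
#Requires -Version 3
# Added example: re-check two artefacts the OTL fix above removed.
#  1. Alternate data streams under a directory tree, including streams that
#     hang off directories (C:\ProgramData\Microsoft:<name> in the fix is a
#     stream on a folder, not on a file).
#  2. Internet Explorer search scopes for the current user and their URLs.

function Get-AlternateDataStreams {
    # Return every stream other than the default :$DATA under $Root.
    # Zone.Identifier (the mark-of-the-web stream written by browsers on
    # downloaded files) is common and benign, so it is skipped unless
    # -IncludeZoneIdentifier is given.
    param(
        [Parameter(Mandatory=$true)][string]$Root,
        [switch]$IncludeZoneIdentifier
    )
    $items = @(Get-Item -LiteralPath $Root -Force)
    $items += @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        # -Stream * lists all named streams on a file or directory.
        $streams = Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue
        foreach ($s in $streams) {
            if ($s.Stream -eq ':$DATA') { continue }
            if ($s.Stream -eq 'Zone.Identifier' -and -not $IncludeZoneIdentifier) { continue }
            [PSCustomObject]@{
                Path   = $item.FullName
                Stream = $s.Stream
                Length = $s.Length
            }
        }
    }
}

function Get-IESearchScopes {
    # List the current user's IE search scopes. DefaultScope on the parent
    # key names the one IE actually uses for address-bar searches.
    $base = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
    $default = (Get-ItemProperty -LiteralPath $base -ErrorAction SilentlyContinue).DefaultScope
    foreach ($scope in Get-ChildItem -LiteralPath $base -ErrorAction SilentlyContinue) {
        $p = Get-ItemProperty -LiteralPath $scope.PSPath
        [PSCustomObject]@{
            Scope       = $scope.PSChildName
            IsDefault   = ($scope.PSChildName -eq $default)
            DisplayName = $p.DisplayName
            URL         = $p.URL
        }
    }
}

# Example invocation on the two locations named in the fix. Run as the
# affected user so HKCU and %LOCALAPPDATA% refer to that profile.
Get-AlternateDataStreams -Root $env:LOCALAPPDATA | Format-Table Path, Stream, Length -AutoSize
Get-AlternateDataStreams -Root (Join-Path $env:ProgramData 'Microsoft') | Format-Table Path, Stream, Length -AutoSize
Get-IESearchScopes | Format-Table Scope, IsDefault, DisplayName, URL -AutoSize
```

Walking all of %LOCALAPPDATA% takes a while and produces many access-denied errors, which the script silences; narrow the root once you know where to look. A stream with a random-looking name and a size of around 1 KB on a directory, like the three in the fix, is the pattern to watch for; a stream's contents can be read with Get-Content -LiteralPath <path> -Stream <name> before deciding what it is.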

#7 heyage13 (Topic Starter, Member, 132 posts)
Thanks for getting back to me. I'll try to reply to your posts ASAP so that this issue can be dealt with. Thanks again for the help. Here are my logs as requested:

AdW Log:

AdwCleaner v3.012 - Report created 23/11/2013 at 11:38:46
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Room PC - ROOMPC-PC
# Running from : C:\Users\Room PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AD9S9RVV\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Program Files\Vuze
Folder Found C:\ProgramData\ParetoLogic
Folder Found C:\Users\Room PC\AppData\Roaming\DriverCure
Folder Found C:\Users\Room PC\AppData\Roaming\iSafe
Folder Found C:\Users\Room PC\AppData\Roaming\ParetoLogic

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\ParetoLogic
Key Found : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\Software\ParetoLogic

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


*************************

AdwCleaner[R0].txt - [1066 octets] - [25/08/2013 18:44:42]
AdwCleaner[R1].txt - [1154 octets] - [23/11/2013 11:38:46]
AdwCleaner[S0].txt - [1145 octets] - [25/08/2013 18:45:55]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1274 octets] ##########

OTL Log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{73B7AEE8-A5C4-4C2C-BA6E-46AF924E7732}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73B7AEE8-A5C4-4C2C-BA6E-46AF924E7732}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F09C50BD-091D-4F59-B47C-8E406CB5D05D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F09C50BD-091D-4F59-B47C-8E406CB5D05D}\ not found.
ADS C:\Users\Room PC\AppData\Local\hlNOzQBG4Fy:GL7YNdagGV3f82Zay deleted successfully.
ADS C:\ProgramData\Microsoft:gGVnulIJ9ou1XR7jWnvK1 deleted successfully.
ADS C:\ProgramData\Microsoft:iBgekwaqtnFFok2wSqT deleted successfully.
========== REGISTRY ==========
========== FILES ==========
C:\Users\Room PC\Downloads\video-media-download_setup.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Room PC
->Temp folder emptied: 1674145 bytes
->Temporary Internet Files folder emptied: 23115831 bytes
->Java cache emptied: 794629 bytes
->Flash cache emptied: 506 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 56334 bytes
RecycleBin emptied: 20998 bytes

Total Files Cleaned = 24.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11232013_114845

Files\Folders moved on Reboot...
C:\Users\Room PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#8 crooleeck (Member, 882 posts)
Step 1:
  • Run AdwCleaner again and select Scan
  • When it has finished, hit the Delete button
  • When it has finished, it will ask to reboot; allow the reboot
  • On reboot a log will be shown; please copy the content and post it in your next reply

Step 2:
Eset Online Scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 / 8 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 3:
Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application. Before you finish, on the Completing the Malwarebytes Anti-Malware Setup Wizard tab, untick Enable free trial of Malwarebytes Anti-Malware PRO.


  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

How is your computer running now?

#9 heyage13 (Topic Starter, Member, 132 posts)
AdW Log:

AdwCleaner v3.012 - Report created 23/11/2013 at 18:04:56
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Room PC - ROOMPC-PC
# Running from : C:\Users\Room PC\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[x] Not Deleted : C:\Program Files\Vuze

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


*************************

AdwCleaner[R0].txt - [1066 octets] - [25/08/2013 18:44:42]
AdwCleaner[R1].txt - [1354 octets] - [23/11/2013 11:38:46]
AdwCleaner[R2].txt - [919 octets] - [23/11/2013 18:03:58]
AdwCleaner[S0].txt - [1145 octets] - [25/08/2013 18:45:55]
AdwCleaner[S1].txt - [1445 octets] - [23/11/2013 11:42:28]
AdwCleaner[S2].txt - [846 octets] - [23/11/2013 18:04:56]



ESET Scan Log File:

C:\Windows.old\Documents and Settings\All Users\continuetosave\510c75792924b.dll a variant of Win32/Adware.MultiPlug.I application
C:\Windows.old\Documents and Settings\All Users\continuetosave\510c75ebbcd95.dll a variant of Win32/Adware.MultiPlug.I application
C:\Windows.old\Documents and Settings\All Users\continuetosave\510c7964f0ae8.dll a variant of Win32/Adware.MultiPlug.I application
C:\Windows.old\Documents and Settings\Room PC\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\BXV0OC6H\agent_setup[1].exe multiple threats
C:\Windows.old\Documents and Settings\Room PC\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\BXV0OC6H\search_d_soft_quick[1].exe multiple threats
C:\Windows.old\Documents and Settings\Room PC\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\QI3Y3SMN\search_d_continue_up[1].exe multiple threats
C:\Windows.old\Documents and Settings\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnahjkgnlomobenmgignemphgajljlbo\1\510c7579290326.53959104.js Win32/Adware.MultiPlug.H application
C:\Windows.old\Documents and Settings\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\honhjmlmgafeifcpnhclifodechklgge\1\510c7964f08af6.58149222.js Win32/Adware.MultiPlug.H application
C:\Windows.old\Documents and Settings\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaijekifpmjggdgapddngdbcacbdiibp\1\510c75ebbcb6c9.92600734.js Win32/Adware.MultiPlug.H application
C:\Windows.old\Documents and Settings\Room PC\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_1613\rlcm.crx a variant of Win32/Adware.RK.AM application
C:\Windows.old\Documents and Settings\Room PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXV0OC6H\agent_setup[1].exe multiple threats
C:\Windows.old\Documents and Settings\Room PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXV0OC6H\search_d_soft_quick[1].exe multiple threats
C:\Windows.old\Documents and Settings\Room PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QI3Y3SMN\search_d_continue_up[1].exe multiple threats
C:\Windows.old\Documents and Settings\Room PC\AppData\Local\temp\done22.exe Win32/TrojanDownloader.VB.PMY trojan
C:\Windows.old\Documents and Settings\Room PC\AppData\Local\temp\lm32.exe multiple threats
C:\Windows.old\Documents and Settings\Room PC\AppData\Local\Temporary Internet Files\Content.IE5\BXV0OC6H\agent_setup[1].exe multiple threats
C:\Windows.old\Documents and Settings\Room PC\AppData\Local\Temporary Internet Files\Content.IE5\BXV0OC6H\search_d_soft_quick[1].exe multiple threats
C:\Windows.old\Documents and Settings\Room PC\AppData\Local\Temporary Internet Files\Content.IE5\QI3Y3SMN\search_d_continue_up[1].exe multiple threats
C:\Windows.old\Documents and Settings\Room PC\Local Settings\Google\Chrome\User Data\Default\Extensions\cnahjkgnlomobenmgignemphgajljlbo\1\510c7579290326.53959104.js Win32/Adware.MultiPlug.H application
C:\Windows.old\Documents and Settings\Room PC\Local Settings\Google\Chrome\User Data\Default\Extensions\honhjmlmgafeifcpnhclifodechklgge\1\510c7964f08af6.58149222.js Win32/Adware.MultiPlug.H application
C:\Windows.old\Documents and Settings\Room PC\Local Settings\Google\Chrome\User Data\Default\Extensions\iaijekifpmjggdgapddngdbcacbdiibp\1\510c75ebbcb6c9.92600734.js Win32/Adware.MultiPlug.H application
C:\Windows.old\Documents and Settings\Room PC\Local Settings\Google\Chrome\User Data\Temp\scoped_dir_1613\rlcm.crx a variant of Win32/Adware.RK.AM application
C:\Windows.old\Documents and Settings\Room PC\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXV0OC6H\agent_setup[1].exe multiple threats
C:\Windows.old\Documents and Settings\Room PC\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXV0OC6H\search_d_soft_quick[1].exe multiple threats
C:\Windows.old\Documents and Settings\Room PC\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\QI3Y3SMN\search_d_continue_up[1].exe multiple threats
C:\Windows.old\Documents and Settings\Room PC\Local Settings\temp\done22.exe Win32/TrojanDownloader.VB.PMY trojan
C:\Windows.old\Documents and Settings\Room PC\Local Settings\temp\lm32.exe multiple threats
C:\Windows.old\Documents and Settings\Room PC\Local Settings\Temporary Internet Files\Content.IE5\BXV0OC6H\agent_setup[1].exe multiple threats
C:\Windows.old\Documents and Settings\Room PC\Local Settings\Temporary Internet Files\Content.IE5\BXV0OC6H\search_d_soft_quick[1].exe multiple threats
C:\Windows.old\Documents and Settings\Room PC\Local Settings\Temporary Internet Files\Content.IE5\QI3Y3SMN\search_d_continue_up[1].exe multiple threats
C:\Windows.old\ProgramData\continuetosave\510c75792924b.dll a variant of Win32/Adware.MultiPlug.I application
C:\Windows.old\ProgramData\continuetosave\510c75ebbcd95.dll a variant of Win32/Adware.MultiPlug.I application
C:\Windows.old\ProgramData\continuetosave\510c7964f0ae8.dll a variant of Win32/Adware.MultiPlug.I application
C:\Windows.old\Users\All Users\Application Data\continuetosave\510c75792924b.dll a variant of Win32/Adware.MultiPlug.I application
C:\Windows.old\Users\All Users\Application Data\continuetosave\510c75ebbcd95.dll a variant of Win32/Adware.MultiPlug.I application
C:\Windows.old\Users\All Users\Application Data\continuetosave\510c7964f0ae8.dll a variant of Win32/Adware.MultiPlug.I application
C:\Windows.old\Users\All Users\continuetosave\510c75792924b.dll a variant of Win32/Adware.MultiPlug.I application
C:\Windows.old\Users\All Users\continuetosave\510c75ebbcd95.dll a variant of Win32/Adware.MultiPlug.I application
C:\Windows.old\Users\All Users\continuetosave\510c7964f0ae8.dll a variant of Win32/Adware.MultiPlug.I application
C:\Windows.old\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnahjkgnlomobenmgignemphgajljlbo\1\510c7579290326.53959104.js Win32/Adware.MultiPlug.H application
C:\Windows.old\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\honhjmlmgafeifcpnhclifodechklgge\1\510c7964f08af6.58149222.js Win32/Adware.MultiPlug.H application
C:\Windows.old\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaijekifpmjggdgapddngdbcacbdiibp\1\510c75ebbcb6c9.92600734.js Win32/Adware.MultiPlug.H application
C:\Windows.old\Users\Room PC\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_1613\rlcm.crx a variant of Win32/Adware.RK.AM application
C:\Windows.old\Users\Room PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXV0OC6H\agent_setup[1].exe multiple threats
C:\Windows.old\Users\Room PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXV0OC6H\search_d_soft_quick[1].exe multiple threats
C:\Windows.old\Users\Room PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QI3Y3SMN\search_d_continue_up[1].exe multiple threats
C:\Windows.old\Users\Room PC\AppData\Local\temp\done22.exe Win32/TrojanDownloader.VB.PMY trojan
C:\Windows.old\Users\Room PC\AppData\Local\temp\lm32.exe multiple threats
C:\Windows.old\Users\Room PC\AppData\Local\Temporary Internet Files\Content.IE5\BXV0OC6H\agent_setup[1].exe multiple threats
C:\Windows.old\Users\Room PC\AppData\Local\Temporary Internet Files\Content.IE5\BXV0OC6H\search_d_soft_quick[1].exe multiple threats
C:\Windows.old\Users\Room PC\AppData\Local\Temporary Internet Files\Content.IE5\QI3Y3SMN\search_d_continue_up[1].exe multiple threats
C:\Windows.old\Users\Room PC\Downloads\DownloadSetup.exe Win32/InstalleRex.E application
C:\Windows.old\Users\Room PC\Downloads\openfreely_1296 (1).exe a variant of Win32/InstallIQ.A application
C:\Windows.old\Users\Room PC\Downloads\openfreely_1296.exe a variant of Win32/InstallIQ.A application
C:\Windows.old\Users\Room PC\Downloads\RegistryEasy.exe a variant of Win32/Adware.RegistryEasy application
C:\Windows.old\Users\Room PC\Downloads\setup (1).exe Win32/InstalleRex.E application
C:\Windows.old\Users\Room PC\Downloads\setup (2).exe Win32/InstalleRex.E application
C:\Windows.old\Users\Room PC\Downloads\setup (3).exe Win32/InstalleRex.E application
C:\Windows.old\Users\Room PC\Downloads\setup.exe Win32/InstalleRex.E application
C:\Windows.old\Users\Room PC\Downloads\SoftonicDownloader_for_iphone-explorer.exe Win32/SoftonicDownloader.E application
C:\Windows.old\Users\Room PC\Downloads\Tiger Woods PGA TOUR 12 The Masters-RELOADED_secure.exe Win32/TopMedia.A application
C:\Windows.old\Users\Room PC\Downloads\veetle-0.9.19.exe Win32/OpenCandy application
C:\Windows.old\Users\Room PC\Downloads\Winrar_4.exe Win32/Adware.1ClickDownload.C application
C:\Windows.old\Users\Room PC\Local Settings\Google\Chrome\User Data\Default\Extensions\cnahjkgnlomobenmgignemphgajljlbo\1\510c7579290326.53959104.js Win32/Adware.MultiPlug.H application
C:\Windows.old\Users\Room PC\Local Settings\Google\Chrome\User Data\Default\Extensions\honhjmlmgafeifcpnhclifodechklgge\1\510c7964f08af6.58149222.js Win32/Adware.MultiPlug.H application
C:\Windows.old\Users\Room PC\Local Settings\Google\Chrome\User Data\Default\Extensions\iaijekifpmjggdgapddngdbcacbdiibp\1\510c75ebbcb6c9.92600734.js Win32/Adware.MultiPlug.H application
C:\Windows.old\Users\Room PC\Local Settings\Google\Chrome\User Data\Temp\scoped_dir_1613\rlcm.crx a variant of Win32/Adware.RK.AM application
C:\Windows.old\Users\Room PC\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXV0OC6H\agent_setup[1].exe multiple threats
C:\Windows.old\Users\Room PC\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXV0OC6H\search_d_soft_quick[1].exe multiple threats
C:\Windows.old\Users\Room PC\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\QI3Y3SMN\search_d_continue_up[1].exe multiple threats
C:\Windows.old\Users\Room PC\Local Settings\temp\done22.exe Win32/TrojanDownloader.VB.PMY trojan
C:\Windows.old\Users\Room PC\Local Settings\temp\lm32.exe multiple threats
C:\Windows.old\Users\Room PC\Local Settings\Temporary Internet Files\Content.IE5\BXV0OC6H\agent_setup[1].exe multiple threats
C:\Windows.old\Users\Room PC\Local Settings\Temporary Internet Files\Content.IE5\BXV0OC6H\search_d_soft_quick[1].exe multiple threats
C:\Windows.old\Users\Room PC\Local Settings\Temporary Internet Files\Content.IE5\QI3Y3SMN\search_d_continue_up[1].exe multiple threats
C:\Windows.old\Windows\AutoKMS.exe MSIL/HackKMS.A application
C:\Windows.old\Windows\KMSEmulator.exe Win32/HackKMS.A application
C:\_OTL\MovedFiles\11232013_114845\C_Users\Room PC\Downloads\video-media-download_setup.exe Win32/DownWare.G application
E:\Games\Assasins Creed III\Crack\ubiorbitapi_r2_loader.dll a variant of Win32/Packed.VMProtect.AAD trojan
E:\Games\Bulletstorm-FLT\BulletStorm\Fairlight\xlive.dll a variant of Win32/Packed.VMProtect.AAD trojan
E:\Games\Dirt 3\SKIDROW\paul.dll Win32/HackTool.Crack.O application
E:\Games\Dirt 3\SKIDROW\SKIDROW.dll Win32/HackTool.Crack.O application
E:\Movies\Bridesmaids.2011\Jaybob's_Movies_Toolbar_Internet Explorer.exe a variant of Win32/Toolbar.Conduit.B application
E:\Movies\Due.Date.2010\Jaybob's_Movies_Toolbar_Internet Explorer.exe a variant of Win32/Toolbar.Conduit.B application
E:\Movies\I.Am.Number.Four.2011\Jaybob's_Movies_Toolbar_Internet Explorer.exe a variant of Win32/Toolbar.Conduit.B application
E:\Movies\Just.Go.With.It.2011\Jaybob's_Movies_Toolbar_Internet Explorer.exe a variant of Win32/Toolbar.Conduit.B application
E:\Movies\Paranormal Activity Trilogy\Paranormal.Activity.2009\Jaybob's_Movies_Toolbar.exe a variant of Win32/Toolbar.Conduit.B application
E:\Movies\Paranormal Activity Trilogy\Paranormal.Activity.3.2011\Jaybob's_Movies_Toolbar_Internet Explorer.exe a variant of Win32/Toolbar.Conduit.B application
E:\Movies\Precious.2009\Jaybob's_Movies_Toolbar_Internet Explorer.exe a variant of Win32/Toolbar.Conduit.B application
E:\Movies\Source.Code.2011\Jaybob's_Movies_Toolbar_Internet Explorer.exe a variant of Win32/Toolbar.Conduit.B application
E:\Movies\The.Adjustment.Bureau.2011\Jaybob's_Movies_Toolbar_Internet Explorer.exe a variant of Win32/Toolbar.Conduit.B application
E:\Software\Adobe Acrobat Pro X v10.0 Multilingual\AcrobatPro_10_Web_WWEFD.exe a variant of Win32/TrojanDownloader.VB.PMY trojan
E:\Software\Adobe Acrobat Pro X v10.0 Multilingual\Serials and Activation\2. Adobe CS5 All Products Activator by MPT (Fixed)\Adobe.CS5.Products.Activator.Fixed.exe a variant of Win32/HackTool.Patcher.T application
E:\Software\Adobe Acrobat Pro X v10.0 Multilingual\Serials and Activation\4. Adobe CS5 All Products Keymaker v1.10 (Windows)\Keymaker.exe a variant of Win32/Keygen.BH application
E:\Software\Adobe Acrobat Pro X v10.0 Multilingual\Serials and Activation\Color Finesse 3_Keygen + Windows & Mac OSX Serials\Keygen.exe a variant of Win32/Keygen.BK application
E:\Software\Adobe Captivate\keygen.exe a variant of Win32/Keygen.BH application
E:\Software\Adobe CS4 Master Collection - Shadeyman\Activation Disabler.cmd BAT/HostsChanger.A application
E:\Software\BitDefender Total Security 2012 (x86x64) include Patch{h33t}{mad dog}\Bitdefender Total Security 2012\patch.exe Win32/RiskWare.HackAV.IS application
E:\Software\Microsoft Office Enterprise 2010 Corporate Final (full activated)\Office 2010 Toolkit\Office 2010 Toolkit.exe a variant of MSIL/HackKMS.A application
E:\Software\Microsoft Office Enterprise 2010 Corporate Final (full activated)\xxx.Microsoft 2010 Activation.xxx\Office 2010 Toolkit.exe a variant of MSIL/HackKMS.A application
E:\Software\QuickTime Pro v7.71.80.42\QuickTimeInstaller.exe Win32/InstallMonetizer.AH application
C:\Program Files\VirtualDJ\2010kaiser PATCH.exe a variant of Win32/HackTool.Patcher.AD application cleaned by deleting - quarantined
C:\Users\Room PC\Documents\Vuze Downloads\Dead.Island.Riptide-RELOADED\rld-deisrt.iso a variant of Win32/HackTool.Crack.BQ application deleted - quarantined
C:\Windows\KMSEmulator.exe Win32/HackKMS.A application cleaned by deleting - quarantined
C:\Windows\Installer\26e591.msi a variant of Win32/Bundled.Toolbar.Ask.D application deleted - quarantined
C:\Windows.old\Documents and Settings\All Users\Application Data\continuetosave\510c75792924b.dll a variant of Win32/Adware.MultiPlug.I application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\All Users\Application Data\continuetosave\510c75ebbcd95.dll a variant of Win32/Adware.MultiPlug.I application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\All Users\Application Data\continuetosave\510c7964f0ae8.dll a variant of Win32/Adware.MultiPlug.I application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Room PC\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extensions\cnahjkgnlomobenmgignemphgajljlbo\1\510c7579290326.53959104.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Room PC\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extensions\honhjmlmgafeifcpnhclifodechklgge\1\510c7964f08af6.58149222.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Room PC\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extensions\iaijekifpmjggdgapddngdbcacbdiibp\1\510c75ebbcb6c9.92600734.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Room PC\AppData\Local\Application Data\Google\Chrome\User Data\Temp\scoped_dir_1613\rlcm.crx a variant of Win32/Adware.RK.AM application deleted - quarantined
C:\Windows.old\Documents and Settings\Room PC\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXV0OC6H\agent_setup[1].exe multiple threats cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Room PC\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXV0OC6H\search_d_soft_quick[1].exe multiple threats cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Room PC\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\QI3Y3SMN\search_d_continue_up[1].exe multiple threats cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Room PC\AppData\Local\Application Data\temp\done22.exe Win32/TrojanDownloader.VB.PMY trojan cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Room PC\AppData\Local\Application Data\temp\lm32.exe multiple threats cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Room PC\Downloads\DownloadSetup.exe Win32/InstalleRex.E application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Room PC\Downloads\openfreely_1296 (1).exe a variant of Win32/InstallIQ.A application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Room PC\Downloads\openfreely_1296.exe a variant of Win32/InstallIQ.A application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Room PC\Downloads\RegistryEasy.exe a variant of Win32/Adware.RegistryEasy application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Room PC\Downloads\setup (1).exe Win32/InstalleRex.E application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Room PC\Downloads\setup (2).exe Win32/InstalleRex.E application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Room PC\Downloads\setup (3).exe Win32/InstalleRex.E application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Room PC\Downloads\setup.exe Win32/InstalleRex.E application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Room PC\Downloads\SoftonicDownloader_for_iphone-explorer.exe Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Room PC\Downloads\Tiger Woods PGA TOUR 12 The Masters-RELOADED_secure.exe Win32/TopMedia.A application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Room PC\Downloads\veetle-0.9.19.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Room PC\Downloads\Winrar_4.exe Win32/Adware.1ClickDownload.C application cleaned by deleting - quarantined
C:\Windows.old\Program Files\ContinueToSave\sprotector.dll a variant of Win32/SProtector.A application cleaned by deleting - quarantined
C:\Windows.old\Program Files\ContinueToSave\uninstall.exe a variant of Win32/SProtector.B application cleaned by deleting - quarantined
C:\Windows.old\Program Files\EA\Bulletstorm\Binaries\Win32\xlive.dll a variant of Win32/Packed.VMProtect.AAD trojan cleaned by deleting - quarantined
C:\Windows.old\Program Files\SimpleSpeedy\sprotector.dll a variant of Win32/SProtector.A application cleaned by deleting - quarantined
C:\Windows.old\Program Files\SimpleSpeedy\uninstall.exe a variant of Win32/SProtector.B application cleaned by deleting - quarantined
C:\Windows.old\Program Files\Ubisoft\Assassin's Creed III\ubiorbitapi_r2_loader.dll a variant of Win32/Packed.VMProtect.AAD trojan deleted - quarantined
C:\Windows.old\Program Files\Vuze\bunndle.zip a variant of Win32/Bunndle application deleted - quarantined
C:\Windows.old\Program Files\Vuze\.install4j\i4j_extf_20_5p83tu.exe Win32/Somoto.F application cleaned by deleting - quarantined
C:\Windows.old\Program Files\Vuze\.install4j\i4j_extf_27_5p83tu.dll a variant of Win32/Bunndle application cleaned by deleting - quarantined
C:\Windows.old\Program Files\Vuze\.install4j\i4j_extf_32_5p83tu.dll a variant of Win32/Bunndle application cleaned by deleting - quarantined


MalwareBytes Log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.24.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16736
Room PC :: ROOMPC-PC [administrator]

24/11/2013 11:37:01 AM
mbam-log-2013-11-24 (11-37-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231889
Time elapsed: 6 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


PC seems to be running fine... I uninstalled Chrome, so it is hard to say if searchfog has been removed... will wait for further instructions from you.

#10 crooleeck (Member, 882 posts)
Most of the detected files come from the unused Windows installation, so those infections were inactive too. Try installing Chrome as a test.



#11 heyage13 (Topic Starter, Member, 132 posts)
Re-installed Chrome; the issue is still there: some links don't work and certain words are highlighted green with links to searchfog.com.

#12 crooleeck (Member, 882 posts)
OK, please run the AdwCleaner scan again and post the report.

#13 heyage13 (Topic Starter, Member, 132 posts)
# AdwCleaner v3.012 - Report created 24/11/2013 at 13:56:58
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Room PC - ROOMPC-PC
# Running from : C:\Users\Room PC\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Program Files\Vuze

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1066 octets] - [25/08/2013 18:44:42]
AdwCleaner[R1].txt - [1354 octets] - [23/11/2013 11:38:46]
AdwCleaner[R2].txt - [919 octets] - [23/11/2013 18:03:58]
AdwCleaner[R3].txt - [846 octets] - [24/11/2013 13:56:58]
AdwCleaner[S0].txt - [1145 octets] - [25/08/2013 18:45:55]
AdwCleaner[S1].txt - [1445 octets] - [23/11/2013 11:42:28]
AdwCleaner[S2].txt - [984 octets] - [23/11/2013 18:04:56]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1084 octets] ##########

#14 crooleeck (Member, 882 posts)
Run OTL

  • Hit the None button.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

C:\Users\Room PC|searchfox;true;true;true /FP
HKCU\Software|*searchfox* /RS
HKLM\SYSTEM\CurrentControlSet|*searchfox* /RS
HKLM\SOFTWARE|*searchfox* /RS

  • Hit the Run Scan button.

OTL will take a few minutes to generate a log; please post the result.
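The OTL custom scan in the post above searches the user's profile for files, and three registry hives for entries, whose names contain a search term. As an added illustration that is not part of this thread and not OTL's own code, the PowerShell script below does the equivalent search with built-in cmdlets: it lists files and folders under a profile whose name contains the term (with timestamps, so an old leftover can be told from something recent), walks the same three hives for key names, value names and value data containing it, and also greps the Chrome Preferences file that the AdwCleaner report lists, since a hijacking extension or search provider is often recorded there. The term, the profile path and the Chrome profile location are parameters with assumed defaults; the term defaults to "searchfog", the string from the reporter's post, and either spelling can be passed on the command line.

```powershell
# Added example, not from the thread or from OTL: a native PowerShell
# equivalent of the OTL custom scan (files by name, registry by string,
# plus a content grep of Chrome's Preferences file).
# Run from an elevated PowerShell so HKLM and other users' data are readable.
param(
    # Assumed defaults; override on the command line, e.g. -Term searchfox
    [string]$Term        = 'searchfog',
    [string]$ProfilePath = 'C:\Users\Room PC',
    [string]$ChromePrefs = 'C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Preferences',
    [string[]]$Hives     = @('HKCU:\Software',
                             'HKLM:\SYSTEM\CurrentControlSet',
                             'HKLM:\SOFTWARE')
)

# -like is case-insensitive in PowerShell, so one wildcard pattern covers
# "SearchFog", "searchfog", etc.
$pattern = "*$Term*"

# --- 1. File system: files and folders whose NAME contains the term ---------
Write-Host "== Files/folders matching $pattern under $ProfilePath =="
Get-ChildItem -Path $ProfilePath -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -like $pattern } |
    ForEach-Object {
        # Creation/modification times help separate a stale leftover from
        # something dropped in the last few days.
        '{0}  created={1:yyyy-MM-dd}  modified={2:yyyy-MM-dd}' -f `
            $_.FullName, $_.CreationTime, $_.LastWriteTime
    }

# --- 2. Registry: key names, value names and value DATA containing the term --
foreach ($hive in $Hives) {
    Write-Host "== Registry matches for $pattern under $hive =="
    Get-ChildItem -Path $hive -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $key = $_   # a Microsoft.Win32.RegistryKey object
            if ($key.PSChildName -like $pattern) {
                "KEY   $($key.Name)"
            }
            foreach ($name in $key.GetValueNames()) {
                # Cast to string so REG_MULTI_SZ / REG_BINARY data can still
                # be matched by a wildcard.
                $data = [string]$key.GetValue($name)
                if ($name -like $pattern -or $data -like $pattern) {
                    "VALUE $($key.Name)\$name = $data"
                }
            }
        }
}

# --- 3. Chrome profile: lines in Preferences that mention the term -----------
# Chrome stores installed extensions, the default search provider and
# homepage/start-up URLs in this JSON file, so a hijacker usually shows up here.
if (Test-Path -LiteralPath $ChromePrefs) {
    Write-Host "== Lines mentioning $Term in $ChromePrefs =="
    Select-String -LiteralPath $ChromePrefs -Pattern $Term -SimpleMatch |
        ForEach-Object { "line $($_.LineNumber): $($_.Line.Trim())" }
} else {
    Write-Host "Chrome Preferences file not found at $ChromePrefs (Chrome not installed or a different profile path)."
}
```

Usage: `.\Find-Term.ps1` uses the defaults above; `.\Find-Term.ps1 -Term searchfox` searches for the other spelling. Registry walks under HKLM\SOFTWARE on a 32-bit Windows 7 install take a minute or two; access-denied keys are skipped silently rather than aborting the run.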

#15 heyage13 (Topic Starter, Member, 132 posts)
I noticed that the script you've provided mentions the word "searchfox"... was that intended to be "searchfog"?

searchfog is what I mentioned as showing up in my browser.

Please advise.