Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

akamaihd / Firefox [Solved]

Started by VICFROMBAYVILLE , Jan 22 2014 12:33 PM

  • This topic is locked This topic is locked

#1
VICFROMBAYVILLE
Posted 22 January 2014 - 12:33 PM

VICFROMBAYVILLE

    Member

  • Member
  • PipPip
  • 16 posts
When in Firefox and on an active webpage - on click on a link a new window opens with the akamaihd popup followed by offers and redirects.

Win 7 64bit Toshiba . OTL log follows thanks, Vic
--------------------------------------------------------
OTL logfile created on: 1/22/2014 12:50:44 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lido\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 35.90% Memory free
7.60 Gb Paging File | 4.91 Gb Available in Paging File | 64.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.70 Gb Total Space | 279.39 Gb Free Space | 61.72% Space Free | Partition Type: NTFS

Computer Name: LIDO-PC | User Name: Lido | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/22 12:49:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lido\Downloads\OTL.exe
PRC - [2014/01/16 11:07:55 | 001,863,048 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
PRC - [2013/12/19 22:24:44 | 000,574,464 | ---- | M] () -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
PRC - [2013/12/11 18:43:28 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/12/02 17:35:54 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\real\realplayer\Update\realsched.exe
PRC - [2013/11/20 15:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/11/02 15:01:42 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2013/11/02 14:54:34 | 000,270,704 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2013/10/18 16:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/08/14 07:59:52 | 005,537,136 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2013/08/14 06:05:50 | 000,107,520 | ---- | M] () -- C:\Users\Lido\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2013/07/25 17:47:00 | 001,985,824 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
PRC - [2013/07/02 09:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/24 08:21:36 | 000,613,888 | ---- | M] (SanDisk Corporation) -- C:\Users\Lido\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2011/11/23 21:21:24 | 000,097,384 | R--- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
PRC - [2011/11/23 21:21:24 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2010/02/24 03:54:48 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/16 11:07:55 | 016,287,624 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
MOD - [2013/12/11 18:43:26 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/10/14 11:20:38 | 001,021,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\10ef07233e429503b5bc942aa6194fe8\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/10/14 11:20:37 | 002,659,328 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\10519c5a16fab95707f40b55941647b5\System.Runtime.Serialization.ni.dll
MOD - [2013/10/13 15:07:04 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/12 17:22:54 | 007,070,720 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll
MOD - [2013/10/12 17:22:45 | 001,014,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/09/14 01:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 01:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2013/08/14 16:08:57 | 000,143,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll
MOD - [2013/08/14 09:48:31 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 09:48:11 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/14 09:47:59 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/08/14 06:29:29 | 005,628,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/14 06:29:22 | 009,099,776 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/07/24 09:24:52 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
MOD - [2013/07/10 07:17:39 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/10 06:11:59 | 014,416,896 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/16 10:11:14 | 000,188,760 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe -- (Updater By SweetPacks)
SRV:64bit: - [2012/08/08 21:36:10 | 000,390,672 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2010/09/28 14:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/04/06 16:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/23 19:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2014/01/16 11:07:55 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/19 22:24:44 | 000,574,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2013/12/11 18:43:27 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/02 15:01:42 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2013/11/02 14:54:34 | 000,270,704 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2013/10/18 16:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/08/14 06:05:50 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Lido\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2013/06/21 08:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/28 10:40:08 | 000,101,376 | ---- | M] (Freemake) [Disabled | Stopped] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2012/11/28 23:00:41 | 000,132,056 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/11/23 21:21:24 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2011/02/11 12:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/08/24 16:56:04 | 001,104,656 | ---- | M] (TiVo Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe -- (TivoBeacon2)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 16:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/03 16:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/24 13:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/02 18:22:00 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/09/26 22:18:30 | 001,147,480 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2013/09/26 21:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/09/26 21:26:03 | 000,858,200 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/09/25 22:28:00 | 000,590,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/09/25 21:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/09 21:47:43 | 000,078,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2013/09/09 21:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013/09/09 20:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/06/02 04:56:58 | 000,031,920 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2013/02/05 22:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/29 07:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/21 19:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/04/28 13:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/02/27 09:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/15 14:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/12 16:37:34 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/07 11:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/30 23:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/04/17 13:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2014/01/21 08:28:27 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140121.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/12/17 19:32:10 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140110.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/12/03 20:23:59 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140122.003\ex64.sys -- (NAVEX15)
DRV - [2013/12/03 20:23:59 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/12/03 20:23:59 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/12/03 20:23:59 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140122.003\eng64.sys -- (NAVENG)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/04/17 22:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{24714634-4714-4F24-AB36-D070CE465A52}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0225C32A-3BEF-4466-B270-EA8806138865}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {E9EA38DC-E736-4FCB-9544-3F9FBEAF538E}
IE - HKCU\..\SearchScopes\{0225C32A-3BEF-4466-B270-EA8806138865}: "URL" = http://www.google.co...&rlz=1I7TSNF_en
IE - HKCU\..\SearchScopes\{212D1EE6-E1B8-419A-8C84-EA046D4D3FFA}: "URL" = http://www.google.co...&rlz=1I7TSNF_en
IE - HKCU\..\SearchScopes\{A867B985-CC43-404D-B808-9D3466AE3ACB}: "URL" = http://www.google.co...&rlz=1I7TSNF_en
IE - HKCU\..\SearchScopes\{BFDA9747-DAE3-4C18-9D77-C3A203BA56B5}: "URL" = http://search.condui...q={searchTerms}
IE - HKCU\..\SearchScopes\{E9EA38DC-E736-4FCB-9544-3F9FBEAF538E}: "URL" = http://search.condui...1501405022&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.c...om/webhp?hl=en"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7BFCAB6FDD-5585-425b-95C1-5ED856F3FD08%7D:6.10
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:4.0.8
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.12
FF - prefs.js..extensions.enabledAddons: b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a%404bb97481-aead-4c2e-a62b-e25e264651bb.com:0.93.21
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=UTF-8&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Lido\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Lido\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Lido\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lido\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lido\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Lido\Desktop\Voice\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX [2013/06/17 13:19:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/01/21 08:07:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/12/02 17:36:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By SweetPacks\Firefox [2013/06/17 13:19:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/12/02 17:36:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013/12/03 09:51:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/13 08:41:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/08/14 06:06:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lido\AppData\Roaming\Mozilla\Extensions
[2014/01/16 11:05:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions
[2013/08/27 09:39:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/01/16 11:05:30 | 000,000,000 | ---D | M] ("The weDownload Manager") -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com
[2014/01/16 11:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData
[2014/01/16 11:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\plugins
[2014/01/16 11:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com\extensionData\userCode
[2013/12/24 13:23:03 | 000,050,916 | ---- | M] () (No name found) -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\[email protected]
[2013/12/12 15:20:51 | 000,343,554 | ---- | M] () (No name found) -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\[email protected]
[2014/01/15 15:00:42 | 000,536,648 | ---- | M] () (No name found) -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/05/10 16:30:22 | 000,280,941 | ---- | M] () (No name found) -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi
[2013/07/01 15:49:15 | 000,001,793 | ---- | M] () -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\searchplugins\Bing.xml
[2013/04/23 08:24:58 | 000,001,110 | ---- | M] () -- C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\searchplugins\utorrentcontrolv6-customized-web-search.xml
[2013/07/28 17:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013/10/15 07:19:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\Extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/28 17:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/15 07:19:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/11 18:43:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/08/30 14:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\crossrider
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode\1.26.21_0\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.2.3_0\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: No name found = C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2012/06/18 08:10:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (The weDownload Manager) - {11111111-1111-1111-1111-110411901174} - C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-bho64.dll (weDownload)
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (Updater By SweetPacks) - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension64.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (The weDownload Manager) - {11111111-1111-1111-1111-110411901174} - C:\Program Files (x86)\The weDownload Manager\The weDownload Manager-bho.dll (weDownload)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll File not found
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Updater By SweetPacks) - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension32.dll File not found
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Lido\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{489208A3-43DB-4783-BF18-0C187AED2C3E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/17 11:39:51 | 000,000,000 | ---D | C] -- C:\My Works
[2014/01/16 09:40:23 | 000,000,000 | ---D | C] -- C:\Users\Lido\New folder
[2014/01/15 08:29:58 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbport.sys
[2014/01/15 08:29:58 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbd.sys
[2014/01/15 08:29:57 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys
[2014/01/13 13:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/01/13 13:33:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/01/13 13:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/01/13 13:33:28 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2014/01/13 13:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/01/13 13:32:52 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2014/01/13 13:22:39 | 000,000,000 | ---D | C] -- C:\Users\Lido\AppData\Roaming\Windows Live Writer
[2014/01/13 13:22:39 | 000,000,000 | ---D | C] -- C:\Users\Lido\AppData\Local\Windows Live Writer
[2014/01/13 12:26:42 | 000,000,000 | ---D | C] -- C:\Users\Lido\AppData\Roaming\EDIMAX IP Camera Viewer
[2014/01/13 12:26:42 | 000,000,000 | ---D | C] -- C:\Users\Lido\Documents\Data
[2014/01/13 11:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Camera
[2014/01/13 11:15:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Camera
[2014/01/13 10:26:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The weDownload Manager
[2014/01/08 10:05:16 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor 2
[2014/01/08 10:04:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 12
[2014/01/08 10:03:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
[2014/01/08 10:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2014/01/08 10:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2014/01/07 17:00:57 | 000,000,000 | ---D | C] -- C:\Users\Lido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
[2014/01/06 14:23:36 | 004,558,848 | ---- | C] (Google Inc.) -- C:\windows\SysWow64\GPhotos.scr
[2014/01/06 12:02:05 | 000,000,000 | ---D | C] -- C:\Users\Lido\Desktop\MUSIC
[2014/01/04 14:27:38 | 000,000,000 | ---D | C] -- C:\Users\Lido\AppData\Local\Wondershare
[2014/01/04 14:27:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
[2014/01/04 14:27:13 | 000,000,000 | ---D | C] -- C:\Users\Lido\Documents\Wondershare Video Editor
[2014/01/04 14:25:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Wondershare
[2014/01/04 14:00:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2014/01/04 13:59:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2014/01/04 13:19:03 | 000,000,000 | ---D | C] -- C:\windows\en
[2014/01/04 13:16:36 | 000,057,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fssfltr.sys
[2014/01/04 13:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2014/01/04 13:15:29 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_43.dll
[2014/01/04 13:15:29 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_43.dll
[2014/01/04 13:15:29 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_7.dll
[2014/01/04 13:15:29 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_7.dll
[2014/01/04 13:15:29 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_5.dll
[2014/01/04 13:15:29 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_5.dll
[2014/01/04 13:15:27 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx11_43.dll
[2014/01/04 13:15:27 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx11_43.dll
[2014/01/04 13:13:04 | 000,000,000 | R--D | C] -- C:\Users\Lido\SkyDrive
[2014/01/04 13:13:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2014/01/04 13:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2014/01/04 12:58:01 | 000,000,000 | ---D | C] -- C:\Users\Lido\AppData\Local\{DB0C05FC-10A8-4DF7-91C2-EC159D547784}
[2014/01/04 09:05:23 | 000,000,000 | ---D | C] -- C:\Users\Lido\Desktop\V Tools
[2014/01/03 15:25:06 | 000,000,000 | ---D | C] -- C:\Users\Lido\AppData\Local\{77F333E9-E81B-4ED9-AB95-419606985469}
[2014/01/02 14:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Amazon
[2014/01/02 14:53:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2014/01/02 14:05:23 | 000,000,000 | ---D | C] -- C:\Users\Lido\Documents\Video Download Capture
[2014/01/02 14:03:14 | 000,031,920 | ---- | C] (Wondershare) -- C:\windows\SysNative\drivers\Apowersoft_AudioDevice.sys
[2014/01/02 14:03:14 | 000,000,000 | ---D | C] -- C:\Users\Lido\AppData\Roaming\Apowersoft
[2014/01/01 16:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink
[2014/01/01 16:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2014/01/01 16:22:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Shrink
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Lido\*.tmp files -> C:\Users\Lido\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/22 12:45:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001UA.job
[2014/01/22 12:29:03 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/22 12:04:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/01/22 10:50:03 | 000,002,340 | ---- | M] () -- C:\windows\tasks\The weDownload Manager-firefoxinstaller.job
[2014/01/22 10:50:02 | 000,002,218 | ---- | M] () -- C:\windows\tasks\The weDownload Manager-chromeinstaller.job
[2014/01/22 10:50:02 | 000,001,410 | ---- | M] () -- C:\windows\tasks\The weDownload Manager-updater.job
[2014/01/22 10:50:02 | 000,000,258 | RHS- | M] () -- C:\Users\Lido\ntuser.pol
[2014/01/22 10:50:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/01/22 10:50:01 | 000,001,362 | ---- | M] () -- C:\windows\tasks\The weDownload Manager-codedownloader.job
[2014/01/22 10:50:01 | 000,001,234 | ---- | M] () -- C:\windows\tasks\The weDownload Manager-enabler.job
[2014/01/21 15:45:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001Core.job
[2014/01/21 09:29:03 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/21 08:15:05 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/21 08:15:05 | 000,016,304 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/21 08:07:15 | 000,008,192 | ---- | M] () -- C:\windows\SysWow64\WDPABKP.dat
[2014/01/21 08:06:04 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/20 13:25:18 | 000,730,448 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/01/20 13:25:18 | 000,627,316 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/01/20 13:25:18 | 000,107,600 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/01/16 11:07:55 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/01/16 11:07:55 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/01/15 14:55:49 | 002,535,424 | ---- | M] () -- C:\Users\Lido\Documents\Membership201415 (2).accdb
[2014/01/15 14:25:01 | 000,450,936 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/01/13 14:10:04 | 034,359,027 | ---- | M] () -- C:\Users\Lido\Desktop\Chorale.zip
[2014/01/13 13:32:42 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2014/01/13 13:32:42 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2014/01/13 13:32:42 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2014/01/13 13:32:42 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2014/01/13 11:16:11 | 000,001,197 | ---- | M] () -- C:\Users\Public\Desktop\IPCam Surveillance Software.lnk
[2014/01/13 11:15:28 | 000,001,221 | ---- | M] () -- C:\Users\Public\Desktop\EdiView Finder Utility.lnk
[2014/01/13 11:13:26 | 007,098,545 | ---- | M] () -- C:\Users\Lido\Desktop\IC-3100 Manual.pdf
[2014/01/08 10:05:16 | 000,001,424 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink WaveEditor 2.lnk
[2014/01/08 10:04:18 | 000,002,031 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDirector 12 (64-bit).lnk
[2014/01/06 14:23:36 | 004,558,848 | ---- | M] (Google Inc.) -- C:\windows\SysWow64\GPhotos.scr
[2014/01/03 14:26:41 | 000,015,360 | ---- | M] () -- C:\Users\Lido\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/02 14:53:37 | 000,002,026 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk
[2014/01/02 14:53:37 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Unbox.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Lido\*.tmp files -> C:\Users\Lido\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/15 14:55:45 | 002,535,424 | ---- | C] () -- C:\Users\Lido\Documents\Membership201415 (2).accdb
[2014/01/13 11:16:11 | 000,001,197 | ---- | C] () -- C:\Users\Public\Desktop\IPCam Surveillance Software.lnk
[2014/01/13 11:15:28 | 000,001,221 | ---- | C] () -- C:\Users\Public\Desktop\EdiView Finder Utility.lnk
[2014/01/13 11:13:24 | 007,098,545 | ---- | C] () -- C:\Users\Lido\Desktop\IC-3100 Manual.pdf
[2014/01/13 10:27:10 | 000,001,410 | ---- | C] () -- C:\windows\tasks\The weDownload Manager-updater.job
[2014/01/13 10:27:07 | 000,001,234 | ---- | C] () -- C:\windows\tasks\The weDownload Manager-enabler.job
[2014/01/13 10:27:03 | 000,001,362 | ---- | C] () -- C:\windows\tasks\The weDownload Manager-codedownloader.job
[2014/01/13 10:26:49 | 000,002,340 | ---- | C] () -- C:\windows\tasks\The weDownload Manager-firefoxinstaller.job
[2014/01/13 10:26:41 | 000,002,218 | ---- | C] () -- C:\windows\tasks\The weDownload Manager-chromeinstaller.job
[2014/01/08 10:05:15 | 000,001,424 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink WaveEditor 2.lnk
[2014/01/08 10:04:17 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDirector 12 (64-bit).lnk
[2014/01/04 13:18:36 | 000,001,316 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2014/01/04 13:18:18 | 000,001,385 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2014/01/04 13:13:04 | 000,002,164 | ---- | C] () -- C:\Users\Lido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2014/01/02 14:53:37 | 000,002,026 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk
[2014/01/02 14:53:37 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Unbox.lnk
[2013/12/02 17:29:59 | 000,000,034 | ---- | C] () -- C:\windows\cdplayer.ini
[2013/11/04 13:00:51 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\WDPABKP.dat
[2013/08/14 06:05:52 | 000,000,258 | RHS- | C] () -- C:\Users\Lido\ntuser.pol
[2013/01/27 14:29:20 | 000,000,718 | ---- | C] () -- C:\Users\Lido\AppData\Local\recently-used.xbel
[2012/08/13 13:55:32 | 000,001,055 | ---- | C] () -- C:\Users\Lido\Music - Shortcut.lnk
[2012/01/20 13:12:27 | 000,007,605 | ---- | C] () -- C:\Users\Lido\AppData\Local\Resmon.ResmonCfg
[2011/11/13 07:55:25 | 000,044,074 | ---- | C] () -- C:\Users\Lido\AirForce.JPG
[2011/11/13 07:53:56 | 000,035,052 | ---- | C] () -- C:\Users\Lido\CoastGuard.jpg
[2011/11/13 07:51:54 | 001,696,055 | ---- | C] () -- C:\Users\Lido\US Coast Guard - Marching Song.mp4
[2011/11/10 16:01:06 | 001,547,413 | ---- | C] () -- C:\Users\Lido\US Air Force Song - _Off We Go_..flv
[2011/11/10 15:59:33 | 001,429,265 | ---- | C] () -- C:\Users\Lido\US Coast Guard - Marching Song.flv
[2011/09/14 08:30:47 | 000,158,236 | ---- | C] () -- C:\Users\Lido\DowJones.pdf
[2011/08/04 17:53:45 | 001,110,476 | ---- | C] () -- C:\Program Files (x86)\7-Zip.exe
[2011/06/27 19:58:48 | 000,015,360 | ---- | C] () -- C:\Users\Lido\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/26 18:24:18 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

< End of report >
----------------------------------------------------
  • 0

Advertisements

#2
gringo_pr
Posted 22 January 2014 - 07:16 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello VICFROMBAYVILLE

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo
  • 0

#3
VICFROMBAYVILLE
Posted 23 January 2014 - 02:44 PM

VICFROMBAYVILLE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
thank you -- ran AdwCleaner. Notes from the run follow. As I understand it I should wait for your reply before running the next download. In the meantime I will report any good or bad changes.
========================
# AdwCleaner v3.017 - Report created 23/01/2014 at 09:09:46
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lido - LIDO-PC
# Running from : C:\Users\Lido\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****

Service Deleted : DefaultTabSearch
Service Deleted : DefaultTabUpdate
[#] Service Deleted : Updater By SweetPacks

***** [ Files / Folders ] *****

Folder Deleted : C:\Searchprotect
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\DefaultTab
Folder Deleted : C:\Program Files (x86)\FTDownloader.com
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\The weDownload Manager
Folder Deleted : C:\windows\SysWOW64\ARFC
Folder Deleted : C:\windows\SysWOW64\jmdp
Folder Deleted : C:\Program Files\Updater By SweetPacks
Folder Deleted : C:\Users\Lido\AppData\LocalLow\The weDownload Manager
Folder Deleted : C:\Users\Lido\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Lido\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Lido\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\Lido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
Folder Deleted : C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\Extensions\b1ac2ff7-8e51-4bb6-8bf8-87f1d567919a@4bb97481-aead-4c2e-a62b-e25e264651bb.com
Folder Deleted : C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Deleted : C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecoccdldklbjglocbgbfpmpehjegkode
File Deleted : C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\Extensions\[email protected]
File Deleted : C:\END
File Deleted : C:\windows\System32\dmwu.exe
File Deleted : C:\windows\System32\ImhxxpComm.dll
File Deleted : C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
File Deleted : C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\windows\System32\Tasks\EPUpdater
File Deleted : C:\windows\System32\Tasks\NCH Software
File Deleted : C:\windows\System32\Tasks\Scheduled Update for Ask Toolbar
File Deleted : C:\windows\Tasks\The weDownload Manager-chromeinstaller.job
File Deleted : C:\windows\System32\Tasks\The weDownload Manager-chromeinstaller
File Deleted : C:\windows\Tasks\The weDownload Manager-codedownloader.job
File Deleted : C:\windows\System32\Tasks\The weDownload Manager-codedownloader
File Deleted : C:\windows\Tasks\The weDownload Manager-enabler.job
File Deleted : C:\windows\System32\Tasks\The weDownload Manager-enabler
File Deleted : C:\windows\Tasks\The weDownload Manager-firefoxinstaller.job
File Deleted : C:\windows\System32\Tasks\The weDownload Manager-firefoxinstaller
File Deleted : C:\windows\Tasks\The weDownload Manager-updater.job
File Deleted : C:\windows\System32\Tasks\The weDownload Manager-updater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\d
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\FTDownloader
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0049074.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0049074.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0049074.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0049074.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411901174}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902274}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455905574}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906674}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444904474}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901174}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411901174}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{02f283cc-674f-4fa6-81ce-e578f8273754}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44d65966-2b0a-403a-bcf3-5798f60128fe}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9092621f-a570-4680-97a1-06a22321b8aa}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bd90bfb-75b6-4001-a211-8f4120931b9a}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ce711d59-37d2-4c02-b2bd-3da740508bca}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411901174}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902274}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455905574}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906674}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901174}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{02f283cc-674f-4fa6-81ce-e578f8273754}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44d65966-2b0a-403a-bcf3-5798f60128fe}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9092621f-a570-4680-97a1-06a22321b8aa}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9bd90bfb-75b6-4001-a211-8f4120931b9a}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ce711d59-37d2-4c02-b2bd-3da740508bca}
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\wnlt
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\The weDownload Manager
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\Updater By Sweetpacks
Key Deleted : HKLM\Software\The weDownload Manager
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The weDownload Manager
Key Deleted : [x64] HKLM\SOFTWARE\SearchCore for Browsers
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : [x64] HKLM\SOFTWARE\wnlt
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\prefs.js ]

Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.InstallationThankYouPage", false);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.InstallationTime", 1389626796);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.active", true);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.addressbar", "NA");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.addressbarenhanced", "");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncdb.was_copied", "true");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncdb_dbWasSet", true);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncdb_dbWasSet_FF25_FIX", true);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncinternaldb.was_copied", "true");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncinternaldb_dbWasSet", true);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncinternaldb_dbWasSet_FF25_FIX", true);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.backgroundver", 1);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.certdomaininstaller", "");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.changeprevious", false);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standa[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app49074%22%3A%22app49[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_css.expiration", "Thu Jan 23 2014 10:52:31 GMT-0500 (Eastern Standard Ti[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_css.value", "%22.%25CSSClass%25%20%7B%5Cn%5Ctdisplay%3Anone%3B%5Cn%7D%5C[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_geolocation.expiration", "Thu Jan 23 2014 11:06:05 GMT-0500 (Eastern Sta[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_geolocation.value", "%22US%22");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_metadata.expiration", "Thu Jan 23 2014 10:52:30 GMT-0500 (Eastern Standa[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A49074%2C%22appName%22%3A%22The%20weDo[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.InstallationTime.value", "%221389626796%22");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22000898%22%2C%22sub_id%22%3A%22verticals-%2[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie._GPL_aoi.value", "%221389888375%22");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie._GPL_parent_zoneid.value", "%22485704%22");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.jw_token.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.jw_token.value", "%22120df7a5-25ff-e98e-4578-47d166c1a300%22");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.description", "Enhance your search results with direct download links and information for apps and[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.domain", "");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.enablesearch", false);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.homepage", "");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.iframe", false);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard [...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22D5FBD72B1EEA42ACBA5BF92E18750[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22000898%22%2C%22sub_id%22%3A%22vertical[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard [...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22000898%22%2C%22sub_id%22%3A%22ver[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern [...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%22D5FBD72B1EEA42ACBA5B[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_appVer.value", "25");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_lastVersion.value", "1");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)"[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_meta.value", "%7B%22extension.css%22%3A%7B%22id%22%3A479259%2C%22ver%22%3A1%2[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_nextCheck.expiration", "Thu Jan 23 2014 14:47:41 GMT-0500 (Eastern Standard T[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_nextCheck.value", "true");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_queue.value", "%7B%7D");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Sta[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_resource_479259.expiration", "Wed Apr 23 2014 10:00:07 GMT-0400 (Eastern Dayl[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_resource_479259.value", "%22.crossrider-nofity-34345-body-theme-white-black%2[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard T[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.__defualt_browser__.value", "%22ff%22");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%22D5FBD72B[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.monetization_plugin_last_executable_request.expiration", "Thu Jan 23 2014 20:57:12 GMT-[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.monetization_plugin_last_executable_request.value", "%22hxxp%3A//download.bleepingcompu[...]
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.lastDailyReport", "1390481156819");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.lastUpdate", "1390484861493");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.manifesturl", "");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.name", "The weDownload Manager");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.newtab", "");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.opensearch", "");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/49074/plugins/093/ff/plugins.json");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.pluginsversion", 21);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.publisher", "weDownload");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.searchstatus", 0);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.setnewtab", false);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.thankyou", "");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.updateinterval", 360);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.ver", 25);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.apps", "49074");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.bic", "1438c3df7ee708ccac917d3d60ded3cb");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.cid", 49074);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.firstrun", false);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.hadappinstalled", true);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.installationdate", 1389888354);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.modetype", "production");
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.reportInstall", true);
Line Deleted : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.statsDailyCounter", 9);
Line Deleted : user_pref("extensions.crossrider.bic", "1438c3df7ee708ccac917d3d60ded3cb");

-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\Lido\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url

*************************

AdwCleaner[R0].txt - [30499 octets] - [23/01/2014 09:01:41]
AdwCleaner[S0].txt - [27879 octets] - [23/01/2014 09:09:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [27940 octets] ##########
  • 0

#4
gringo_pr
Posted 23 January 2014 - 04:06 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello VICFROMBAYVILLE

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
VICFROMBAYVILLE
Posted 24 January 2014 - 09:15 AM

VICFROMBAYVILLE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
To be clear I have now run AdwCleaner and Combofix and not Junkware Removal Tool.
I ran Combofix - log follows. I thought I had stopped Norton Security but during the Combofix run I received a warning and closed the warning box.. then ComboFix continued and produced this log.

my problem with sksmeihd continues and I continue to get Oracle request for update and have not run it. Otherwise my computer runs normally.
============================================
ComboFix 14-01-23.02 - Lido 01/24/2014 9:46.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3891.2456 [GMT -5:00]
Running from: c:\users\Lido\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-12-24 to 2014-01-24 )))))))))))))))))))))))))))))))
.
.
2014-01-24 14:55 . 2014-01-24 14:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-24 14:55 . 2014-01-24 14:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-23 14:01 . 2014-01-23 14:14 -------- d-----w- C:\AdwCleaner
2014-01-23 12:49 . 2014-01-23 13:00 -------- d---a-w- C:\VIDEO_TS
2014-01-17 16:39 . 2014-01-17 16:50 -------- d-----w- C:\My Works
2014-01-16 14:40 . 2014-01-16 14:40 -------- d-----w- c:\users\Lido\New folder
2014-01-15 13:29 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 13:29 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 13:29 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 13:29 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 13:29 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 13:29 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 13:29 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 13:29 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 13:29 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-13 18:33 . 2014-01-13 18:33 -------- d-----w- c:\programdata\Oracle
2014-01-13 18:33 . 2014-01-13 18:33 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-01-13 18:32 . 2014-01-13 18:32 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-13 18:22 . 2014-01-13 18:24 -------- d-----w- c:\users\Lido\AppData\Local\Windows Live Writer
2014-01-13 18:22 . 2014-01-13 18:22 -------- d-----w- c:\users\Lido\AppData\Roaming\Windows Live Writer
2014-01-13 17:26 . 2014-01-13 17:28 -------- d-----w- c:\users\Lido\AppData\Roaming\EDIMAX IP Camera Viewer
2014-01-13 16:15 . 2014-01-13 16:16 -------- d-----w- c:\program files (x86)\Internet Camera
2014-01-08 15:03 . 2014-01-08 15:05 -------- d-----w- c:\program files (x86)\Cyberlink
2014-01-08 15:01 . 2014-01-08 15:03 -------- d-----w- c:\program files\CyberLink
2014-01-08 15:00 . 2014-01-08 15:06 -------- d-----w- c:\programdata\install_clap
2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\SysWow64\GPhotos.scr
2014-01-04 19:27 . 2014-01-04 19:27 -------- d-----w- c:\users\Lido\AppData\Local\Wondershare
2014-01-04 19:27 . 2014-01-04 19:27 -------- d-----w- c:\program files (x86)\Common Files\Wondershare
2014-01-04 19:00 . 2014-01-04 19:00 -------- d-----w- c:\program files (x86)\MSECache
2014-01-04 18:19 . 2014-01-04 18:19 -------- d-----w- c:\windows\en
2014-01-04 18:16 . 2013-02-06 03:06 57840 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2014-01-04 18:16 . 2014-01-04 18:16 -------- d-----w- c:\program files\Windows Live
2014-01-04 18:15 . 2010-06-02 09:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2014-01-04 18:15 . 2010-06-02 09:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2014-01-04 18:15 . 2010-06-02 09:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2014-01-04 18:15 . 2010-06-02 09:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2014-01-04 18:15 . 2010-05-26 16:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2014-01-04 18:15 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2014-01-04 18:15 . 2010-05-26 16:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-01-04 18:15 . 2010-05-26 16:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2014-01-04 18:13 . 2014-01-04 18:13 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2014-01-04 18:13 . 2014-01-04 18:13 -------- d-----r- c:\users\Lido\SkyDrive
2014-01-04 18:13 . 2014-01-04 18:11 5659096 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5766f3651cf097805\skydrivesetup.exe
2014-01-04 18:12 . 2014-01-04 18:12 -------- d-----w- c:\programdata\Microsoft SkyDrive
2014-01-04 18:11 . 2014-01-04 18:11 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\55e2f3181cf097804\DXSETUP.exe
2014-01-04 18:11 . 2014-01-04 18:11 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\55e2f3181cf097804\dsetup32.dll
2014-01-04 18:11 . 2014-01-04 18:11 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\55e2f3181cf097804\DSETUP.dll
2014-01-04 18:11 . 2014-01-04 18:11 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\541065621cf097803\DSETUP.dll
2014-01-04 18:11 . 2014-01-04 18:11 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\541065621cf097803\DXSETUP.exe
2014-01-04 18:11 . 2014-01-04 18:11 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\541065621cf097803\dsetup32.dll
2014-01-04 18:11 . 2014-01-04 18:11 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\529aad571cf097801\DSETUP.dll
2014-01-04 18:11 . 2014-01-04 18:11 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\529aad571cf097801\DXSETUP.exe
2014-01-04 18:11 . 2014-01-04 18:11 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\529aad571cf097801\dsetup32.dll
2014-01-02 19:53 . 2014-01-02 19:53 -------- d-----w- c:\programdata\Amazon
2014-01-02 19:53 . 2014-01-02 19:53 -------- d-----w- c:\program files (x86)\Amazon
2014-01-02 19:03 . 2014-01-02 19:03 -------- d-----w- c:\users\Lido\AppData\Roaming\Apowersoft
2014-01-02 19:03 . 2013-06-02 09:56 31920 ----a-w- c:\windows\system32\drivers\Apowersoft_AudioDevice.sys
2014-01-01 21:22 . 2014-01-04 14:12 -------- d-----w- c:\programdata\DVD Shrink
2014-01-01 21:22 . 2014-01-01 21:22 -------- d-----w- c:\program files (x86)\DVD Shrink
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-16 16:07 . 2012-04-03 12:50 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-16 16:07 . 2011-06-25 09:30 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-15 13:41 . 2011-07-06 14:41 86054176 ----a-w- c:\windows\system32\MRT.exe
2014-01-04 18:16 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-12-14 17:34 . 2013-12-14 17:34 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-14 17:34 . 2013-12-14 17:34 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-14 17:34 . 2013-12-14 17:34 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-14 17:34 . 2013-12-14 17:34 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-14 17:34 . 2013-12-14 17:34 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-14 17:34 . 2013-12-14 17:34 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-14 17:34 . 2013-12-14 17:34 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-14 17:34 . 2013-12-14 17:34 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-14 17:34 . 2013-12-14 17:34 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-14 17:34 . 2013-12-14 17:34 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-14 17:34 . 2013-12-14 17:34 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-14 17:34 . 2013-12-14 17:34 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-14 17:34 . 2013-12-14 17:34 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-14 17:34 . 2013-12-14 17:34 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-14 17:34 . 2013-12-14 17:34 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-14 17:34 . 2013-12-14 17:34 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-14 17:34 . 2013-12-14 17:34 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-14 17:34 . 2013-12-14 17:34 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-14 17:34 . 2013-12-14 17:34 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-14 17:34 . 2013-12-14 17:34 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-14 17:34 . 2013-12-14 17:34 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-14 17:34 . 2013-12-14 17:34 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-14 17:34 . 2013-12-14 17:34 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-14 17:34 . 2013-12-14 17:34 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-14 17:34 . 2013-12-14 17:34 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-14 17:34 . 2013-12-14 17:34 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-14 17:34 . 2013-12-14 17:34 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-14 17:34 . 2013-12-14 17:34 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-14 17:34 . 2013-12-14 17:34 413696 ----a-w- c:\windows\system32\html.iec
2013-12-14 17:34 . 2013-12-14 17:34 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-14 17:34 . 2013-12-14 17:34 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-14 17:34 . 2013-12-14 17:34 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-14 17:34 . 2013-12-14 17:34 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-14 17:34 . 2013-12-14 17:34 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-14 17:34 . 2013-12-14 17:34 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-14 17:34 . 2013-12-14 17:34 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-14 17:34 . 2013-12-14 17:34 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-14 17:34 . 2013-12-14 17:34 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-14 17:34 . 2013-12-14 17:34 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-14 17:34 . 2013-12-14 17:34 235520 ----a-w- c:\windows\system32\url.dll
2013-12-14 17:34 . 2013-12-14 17:34 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-14 17:34 . 2013-12-14 17:34 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-14 17:34 . 2013-12-14 17:34 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-14 17:34 . 2013-12-14 17:34 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-14 17:34 . 2013-12-14 17:34 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-14 17:34 . 2013-12-14 17:34 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-14 17:34 . 2013-12-14 17:34 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-14 17:34 . 2013-12-14 17:34 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-14 17:34 . 2013-12-14 17:34 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-14 17:34 . 2013-12-14 17:34 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-14 17:34 . 2013-12-14 17:34 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-14 17:34 . 2013-12-14 17:34 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-14 17:34 . 2013-12-14 17:34 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-14 17:34 . 2013-12-14 17:34 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-14 17:34 . 2013-12-14 17:34 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-14 17:34 . 2013-12-14 17:34 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-14 17:34 . 2013-12-14 17:34 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-14 17:34 . 2013-12-14 17:34 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-14 17:34 . 2013-12-14 17:34 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-02 23:22 . 2011-06-27 21:34 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-12-02 22:35 . 2013-01-25 19:35 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-12-02 22:35 . 2013-01-25 19:35 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-11-26 11:54 . 2013-12-16 15:18 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-16 15:18 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-16 15:18 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-16 15:18 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-16 15:18 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-16 15:18 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-16 15:18 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-16 15:18 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-16 15:18 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-16 15:18 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-16 15:18 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-16 15:18 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-16 15:18 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-16 15:18 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-16 15:18 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-16 15:18 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-16 15:18 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-16 15:18 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-16 15:18 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-16 15:18 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-16 15:18 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-16 15:18 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-16 15:18 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-16 15:18 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-12 14:32 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-12 14:32 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-12 02:23 . 2013-12-12 14:32 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-12 14:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-12 14:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-12 14:32 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2011-08-04 22:53 . 2011-08-04 22:53 1110476 ----a-w- c:\program files (x86)\7-Zip.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-01-04 18:12 220632 ----a-w- c:\users\Lido\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-01-04 18:12 220632 ----a-w- c:\users\Lido\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-01-04 18:12 220632 ----a-w- c:\users\Lido\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-27 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2013-08-14 5537136]
"TkBellExe"="c:\program files (x86)\real\realplayer\update\realsched.exe" [2013-12-02 295512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-07-25 1985824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Amazon Unbox.lnk - c:\program files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2011-11-23 97384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
R4 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [x]
R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [x]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140122.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140122.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1501000.012\SYMNETS.SYS [x]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-14 22:30 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 16:07]
.
2014-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-27 03:28]
.
2014-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-27 03:28]
.
2014-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001Core.job
- c:\users\Lido\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-21 12:05]
.
2014-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1135327352-3689979529-191883833-1001UA.job
- c:\users\Lido\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-21 12:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-01-04 18:13 244696 ----a-w- c:\users\Lido\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-01-04 18:13 244696 ----a-w- c:\users\Lido\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-01-04 18:13 244696 ----a-w- c:\users\Lido\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 20:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Lido\AppData\Roaming\Mozilla\Firefox\Profiles\awdmrlgc.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/webhp?hl=en
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
FF - ExtSQL: 2013-12-02 17:36; {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{8ED3CC2D-6BC2-43AD-8C43-F51FBB413AE6} - c:\program files\SafeCopy\ShellExtension\ShellExtension.dll
ShellIconOverlayIdentifiers-{B9CA6E12-7975-4997-B5BD-CA12ECE0FEAD} - c:\program files\SafeCopy\ShellExtension\ShellExtension.dll
ShellIconOverlayIdentifiers-{95DDC869-FC98-4D47-BD34-2EDC9AA09C01} - c:\program files\SafeCopy\ShellExtension\ShellExtension.dll
ShellIconOverlayIdentifiers-{2CDD871E-60EB-40BD-9721-A1CB57042F75} - c:\program files\SafeCopy\ShellExtension\ShellExtension.dll
Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Switch - c:\program files (x86)\NCH Software\Switch\switch.exe
AddRemove-WavePad - c:\program files (x86)\NCH Software\WavePad\wavepad.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\diMaster.dll\" /prefetch:1"
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_Ë\00\00Ë\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~Ë\00\00Ë\00\00\00\00j\00\00\00\00\00\00\00\00‘’“"
.
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.1.0.18;c:\program files (x86)\Norton Security Suite\Engine64\21.1.0.18"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1135327352-3689979529-191883833-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D1ABBF1C-50D9-FB57-3C4A-05F610D08DD6}*]
@Allowed: (Read) (RestrictedCode)
"oaoiildhbnihpeedkgfafolcdpbebg"=hex:64,61,70,67,63,66,6a,61,00,fc
"oakhogoojepcdbacdhcggkgadbmipl"=hex:69,61,68,68,6d,67,6e,6b,6f,65,6c,63,69,70,
65,6c,62,6d,00,00
"naeiclcakbgimkooabhkkpfnkaif"=hex:6a,61,6f,67,63,66,69,6e,64,70,6e,6e,6c,61,
67,62,62,6a,6f,6b,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-24 09:59:56
ComboFix-quarantined-files.txt 2014-01-24 14:59
.
Pre-Run: 299,319,431,168 bytes free
Post-Run: 298,616,676,352 bytes free
.
- - End Of File - - 3ACF2FDF8AE89916ABEA3AEC411333F7
  • 0

#6
gringo_pr
Posted 25 January 2014 - 07:24 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello VICFROMBAYVILLE

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
  • 0

#7
VICFROMBAYVILLE
Posted 26 January 2014 - 02:08 PM

VICFROMBAYVILLE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
some trouble doing this.
used Notepad to create txt file "ClearJavaCache::"
dragged this file to ComboFix
Got C:\ Administrator message
Please wait.
ComboFix is perparing to run.
Then popup CFscript Name Error popup
Were you trying to run CFScript?
The name, CFScript appears to be incorrectly spelt.

Closed these boxes and await your reply.

I am still able to use my computer on and off the Internet.
akamaihd popup still occurs occasionally on selections while online.

Vic

Attached Files


  • 0

#8
gringo_pr
Posted 26 January 2014 - 02:52 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello VICFROMBAYVILLE

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#9
VICFROMBAYVILLE
Posted 26 January 2014 - 03:13 PM

VICFROMBAYVILLE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
7-Zip 9.20
Acoustic Labs Multitrack Recorder (Demo)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.05)
Amazon Links
Amazon MP3 Downloader 1.0.17
Amazon Unbox Video
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
Audacity 2.0.3
Audible Download Manager
AudibleManager
Audiograbber 1.83 SE
Audiograbber MP3 Plugin
Avery Wizard 4.0
Bing Rewards Client Installer
Canta 1.11
ConvertHelper 2.2
Corel WinDVD
CyberLink PowerDirector 12
CyberLink WaveEditor 2
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Direct MIDI to MP3 Converter version 6.2.2.46
DVD Shrink 3.2
EdiView Finder v1.0.7
FFmpeg for Audacity on Windows
FFmpeg v0.6.2 for Audacity
Freemake Audio Converter version 1.1.0
Google Chrome
Google Drive
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google+ Auto Backup
HandBrake 0.9.6
Inkling Sketch Manager
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Internet TV for Windows Media Center
IPCam Surveillance Software 3.0.5.7
iSEEK AnswerWorks English Runtime
Java 7 Update 45
Java Auto Updater
Java™ 6 Update 17
Junk Mail filter update
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Movie Maker
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Norton PC Checkup
Norton Security Suite
Photo Common
Photo Gallery
Picasa 3
PlayReady PC Runtime x86
Quicken 2011
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
RealUpgrade 1.1
Safari
Sansa Updater
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Serif PanoramaPlus Starter Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype Click to Call
Skype Launcher
Skype™ 6.6
Switch Sound File Converter
TiVo Desktop 2.8.3
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
TreeSize Free V2.7
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Utility Common Driver
Visual C++ 9.0 CRT (x86) WinSXS MSM
VLC media player 1.1.7
WavePad Sound Editor
WD Quick View
WD SmartWare Installer
What's Running 3.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
  • 0

#10
gringo_pr
Posted 26 January 2014 - 11:34 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. default settings are fine
  • Click Run Cleaner.
  • Close CCleaner.

Run Malwarebytes

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic


"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

Advertisements

#11
VICFROMBAYVILLE
Posted 27 January 2014 - 01:17 PM

VICFROMBAYVILLE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
On how I am doing now - I continue to get request for update from Oracle - I have been closing this request - OK?
Here are the files you requested - all scans ran easily
===============
MBAM
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.27.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Lido :: LIDO-PC [administrator]

1/27/2014 1:50:52 PM
mbam-log-2014-01-27 (13-50-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219097
Time elapsed: 7 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\Software\iVIDI Plugin (PUP.Optional.Ividi.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Lido\Downloads\outlook express setup.exe (PUP.Optional.Soft32.A) -> Quarantined and deleted successfully.
C:\Users\Lido\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Windows\Installer\112b0f0.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Lido\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (PUP.Optional.Searchqu.A) -> Quarantined and deleted successfully.

(end)
================================
Hijackthis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:07:56 PM, on 1/27/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Lido\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (file missing)
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Amazon Unbox.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: WD Backup (WDBackup) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12252 bytes

thank you - glad to see you feel we are making progress. I am able to continue to use my pc productively as we do this job.
Vic
  • 0

#12
gringo_pr
Posted 27 January 2014 - 03:54 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (rightclick and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - Global Startup: Amazon Unbox.lnk = ?

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here

Gringo
  • 0

#13
VICFROMBAYVILLE
Posted 27 January 2014 - 06:46 PM

VICFROMBAYVILLE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
unexpected prompt while trying to run Eset web page on IE
get popup win saying I am not running IE and asking me to authorize a download

please advise
  • 0

#14
gringo_pr
Posted 27 January 2014 - 07:02 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

At this time that is normal and go ahead with the download


gringo
  • 0

#15
VICFROMBAYVILLE
Posted 29 January 2014 - 09:35 AM

VICFROMBAYVILLE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
================================ ESET SCAN =================
C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe.vir a variant of Win32/Toolbar.BitCocktail.B application
C:\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\InstallerHelper.dll.vir a variant of Win32/Toolbar.BitCocktail.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\DefaultTab\DefaultTabSearch.exe.vir a variant of Win32/Toolbar.DefaultTab.B application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-bho64.dll.vir a variant of Win64/Toolbar.Crossrider.B application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-buttonutil64.dll.vir probably a variant of Win64/Toolbar.Crossrider.B application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\The weDownload Manager\The weDownload Manager-buttonutil64.exe.vir a variant of Win64/Toolbar.Crossrider.B application
C:\AdwCleaner\Quarantine\C\Users\Lido\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir a variant of Win32/Toolbar.DefaultTab.B application
C:\AdwCleaner\Quarantine\C\Users\Lido\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe.vir a variant of Win32/Toolbar.DefaultTab.B application
C:\AdwCleaner\Quarantine\C\Users\Lido\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll.vir a variant of Win32/Toolbar.DefaultTab.B application
C:\AdwCleaner\Quarantine\C\Users\Lido\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe.vir Win32/Toolbar.DefaultTab.A application
C:\AdwCleaner\Quarantine\C\windows\SysWOW64\ARFC\wrtc.exe.vir Win32/SweetIM.E application
C:\AdwCleaner\Quarantine\C\windows\SysWOW64\jmdp\lmrn.dll.vir Win32/SweetIM.G application
C:\AdwCleaner\Quarantine\C\windows\SysWOW64\jmdp\stij.exe.vir Win32/SweetIM.G application
C:\Users\Lido\Desktop\MyDocumentsGoldie\Downloads\MAXTORsetup_671412.exe Win32/Toolbar.Zugo application
C:\Users\Lido\Desktop\MyDocumentsGoldie\Downloads\soas.exe multiple threats
C:\Users\Lido\Desktop\MyDocumentsGoldie\Downloads\SoftonicDownloader_for_erunt.exe Win32/SoftonicDownloader.A application
C:\Users\Lido\Desktop\MyDocumentsGoldie\Downloads\winamp561_full_emusic-7plus_en-us.exe Win32/OpenCandy application
C:\Users\Lido\Downloads\agsetup183se.exe a variant of Win32/Toolbar.Funmoods.D application
C:\Users\Lido\Downloads\cbsidlm-cbsi134-Raffle_Ticket-ORG-10494098.exe a variant of Win32/CNETInstaller.B application
C:\Users\Lido\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D application
C:\Users\Lido\Downloads\cnet2_midi2mp3_zip.exe a variant of Win32/InstallCore.D application
C:\Users\Lido\Downloads\FreemakeAudioConverterSetup.exe Win32/OpenCandy application
C:\Users\Lido\Downloads\UpdateMyDrivers.exe Win32/InstallCore.BL application
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP