Unspecified Malware removal. [Solved]



#1
nfir33

  • Member
  • 51 posts
Hi
My laptop has been running really slow on start up and I'd really appreciate your help in clearing it up and speeding things up.
I know that I won't be alone when I say I have been looking at the wrong kinds of site, if you hear me?!! Consider it a lesson learnt the hard way!!
I also accessed Front Row Sports to watch "free" sports events and have noticed that when it opens, so do other pages, like Betfair etc that I haven't asked for.
I have found that when I am looking at some other "normal" sites, that when I click on drop downs I am unable to use the scroll bar on them. Instead I have to physically use the arrow keys, which I didn't have to before.
I am not sure in particular which malware/virus I have, but am posting my OTL log in the hope that you may be able to help.
Happy to work away on a list of how to's, but can't seem to find one.

Your help would be very much appreciated.

OTL logfile created on: 23/01/2014 12:32:47 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nigel\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.95 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 43.48% Memory free
7.89 Gb Paging File | 5.49 Gb Available in Paging File | 69.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 356.03 Gb Free Space | 84.40% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 27.46 Gb Free Space | 94.69% Space Free | Partition Type: NTFS

Computer Name: NIGEL-PC | User Name: Nigel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/23 12:32:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nigel\Downloads\OTL (2).exe
PRC - [2014/01/11 10:29:23 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/01/03 00:32:12 | 033,508,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nigel\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/03 13:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/07/10 16:07:57 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\Nigel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/12/14 09:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/05/02 12:52:25 | 000,137,208 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
PRC - [2012/03/17 12:15:35 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011/06/15 11:46:52 | 000,548,864 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331_STI.EXE
PRC - [2011/02/18 08:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/02/18 08:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/28 23:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010/12/21 02:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/21 02:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/23 09:09:47 | 000,041,984 | ---- | M] () -- c:\Users\Nigel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdqvvsf.dll
MOD - [2014/01/11 10:29:21 | 000,399,640 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppgooglenaclpluginchrome.dll
MOD - [2014/01/11 10:29:19 | 013,615,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll
MOD - [2014/01/11 10:29:17 | 004,055,320 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
MOD - [2014/01/11 10:28:15 | 000,715,544 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
MOD - [2014/01/11 10:28:14 | 000,100,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll
MOD - [2014/01/11 10:28:11 | 001,634,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
MOD - [2013/12/18 02:25:54 | 003,610,624 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 23:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/10/10 08:56:41 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 08:56:20 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/10 08:56:17 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/10 08:45:01 | 013,199,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\485a21406ce7d08fe6cf0b40b706f460\System.Windows.Forms.ni.dll
MOD - [2013/10/10 08:45:01 | 001,616,896 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\8adddb7705138735c42f6765e02f1736\Microsoft.CSharp.ni.dll
MOD - [2013/10/10 08:45:00 | 000,377,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\42b6b61b296d7a6360476d76bbaddfef\System.Dynamic.ni.dll
MOD - [2013/10/10 08:44:59 | 007,070,720 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\7ece4823b0e12cae58be346bbc3cdeac\System.Core.ni.dll
MOD - [2013/09/13 07:15:28 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/14 19:09:03 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\aabbed019df19cbda3b3dfb80fa98bf0\IAStorUtil.ni.dll
MOD - [2013/08/14 16:26:50 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 16:26:29 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/14 16:26:24 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/08/13 21:13:48 | 001,667,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\7e3570a0cc71998e14e7adb8e4ea0cbb\System.Drawing.ni.dll
MOD - [2013/08/13 21:13:45 | 009,099,776 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\fc16a5cafc433e6d942e9bd5b14fbeaf\System.ni.dll
MOD - [2013/07/20 20:34:12 | 000,194,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\a3d4488653ed969fd7acbf06b611994e\CustomMarshalers.ni.dll
MOD - [2013/07/20 20:30:52 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\8fae59a3cc25d36da6f7f85ef16e441c\IAStorCommon.ni.dll
MOD - [2013/07/11 22:25:48 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/11 22:14:19 | 014,418,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c799474a067f07ef3a167d75029fa012\mscorlib.ni.dll
MOD - [2013/07/10 17:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2012/05/30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/03/17 12:15:35 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2011/06/22 10:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2009/02/26 12:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 09:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/12/16 19:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/03 13:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 09:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/05/02 12:52:30 | 000,325,040 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\snac64.exe -- (SNAC)
SRV - [2012/05/02 12:52:29 | 002,601,544 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe -- (SmcService)
SRV - [2012/05/02 12:52:25 | 000,137,208 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2011/02/18 08:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/21 02:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/21 02:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/22 15:11:25 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/06/22 15:10:46 | 000,119,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SysPlant.sys -- (SysPlant)
DRV:64bit: - [2012/05/02 12:52:48 | 000,932,472 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2012/05/02 12:52:48 | 000,678,008 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/05/02 12:52:48 | 000,451,192 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\SymDS64.sys -- (SymDS)
DRV:64bit: - [2012/05/02 12:52:48 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\symnets.sys -- (SYMNETS)
DRV:64bit: - [2012/05/02 12:52:48 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/05/02 12:52:48 | 000,062,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Teefer.sys -- (Teefer2)
DRV:64bit: - [2012/05/02 12:52:48 | 000,039,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/04/25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/17 12:26:06 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012/03/17 12:26:04 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012/03/17 12:23:22 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012/03/17 12:23:22 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/29 03:23:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/29 03:23:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/15 03:51:18 | 000,250,752 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2011/04/08 01:59:58 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/25 10:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/10 09:01:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/18 08:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/28 23:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/28 10:16:24 | 004,716,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/10/21 06:57:30 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 17:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/30 08:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/08/16 09:28:50 | 000,008,320 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmuvcflt.sys -- (vmuvcflt)
DRV:64bit: - [2009/07/21 14:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 20:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/05/14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/01/16 01:45:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV - [2014/01/15 22:38:40 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20140122.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/12/18 00:32:31 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20140115.011\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/12/14 13:36:25 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/11/25 20:46:01 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/11/20 20:04:14 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20140122.009\ex64.sys -- (NAVEX15)
DRV - [2013/11/20 20:04:14 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20140122.009\eng64.sys -- (NAVENG)
DRV - [2012/05/02 12:52:48 | 000,029,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\SyDvCtrl64.sys -- (SyDvCtrl)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7BFFD145-2436-1706-790C-75CBE16BB935}
IE:64bit: - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://start.mysearc...r=839826918&ir=
IE:64bit: - HKLM\..\SearchScopes\{7BFFD145-2436-1706-790C-75CBE16BB935}: "URL" = http://www.google.co...ng}&rlz=1I7XXXX
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantas...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {29F4B99B-54AF-B487-E175-07D128F1A77B}
IE - HKLM\..\SearchScopes\{29F4B99B-54AF-B487-E175-07D128F1A77B}: "URL" = http://www.google.co...ng}&rlz=1I7XXXX
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://start.mysearc...r=839826918&ir=
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantas...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7DSGQ_enGB492
IE - HKCU\..\SearchScopes\{7BFFD145-2436-1706-790C-75CBE16BB935}: "URL" = http://www.google.co...1I7DSGQ_enGB492
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantas...q={searchTerms}
IE - HKCU\..\SearchScopes\{E9D0035C-030C-4B8E-B51E-C4710B3BBE36}: "URL" = http://search.condui...&ctid=CT2896708
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\IPSFF [2013/12/14 21:17:01 | 000,000,000 | ---D | M]

[2013/06/15 08:56:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions
[2013/06/15 08:56:18 | 000,000,000 | ---D | M] ("MySearchDial" />) -- C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
[2013/06/09 11:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Skype Click to Call = C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Google Wallet = C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [SpeetItUpFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe" File not found
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [NextLive] C:\Users\Nigel\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O4 - HKCU..\Run: [Spotify] C:\Users\Nigel\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Nigel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nigel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{504BD617-43DF-4C30-9737-FFED75F8B869}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{504BD617-43DF-4C30-9737-FFED75F8B869}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D321C99C-E93D-4C84-8358-D79D44D14242}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D321C99C-E93D-4C84-8358-D79D44D14242}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SEP: DllName - (C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/17 10:41:39 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Roaming\FLEXnet
[2014/01/17 10:40:54 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Roaming\Zeon
[2014/01/17 10:39:17 | 000,000,000 | ---D | C] -- C:\Users\Nigel\Documents\Optimizer Pro
[2014/01/17 10:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2014/01/17 10:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2014/01/17 10:36:05 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Local\Downloaded Installations
[2014/01/17 10:34:35 | 000,000,000 | ---D | C] -- C:\Users\Nigel\.android
[2014/01/17 10:34:33 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Local\cache
[2014/01/17 10:34:32 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Roaming\newnext.me
[2014/01/17 10:34:31 | 000,000,000 | ---D | C] -- C:\Users\Nigel\Documents\Mobogenie
[2014/01/17 10:34:31 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Local\Mobogenie
[2014/01/17 10:34:31 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Local\genienext
[2014/01/17 10:33:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[2014/01/12 20:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/01/12 20:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/01/12 20:19:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/01/12 20:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/01/12 20:08:08 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Local\{1FA49673-72DC-4DB4-8524-33CFD2238583}
[2014/01/12 20:07:56 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Roaming\Windows Live Writer
[2014/01/12 20:07:56 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Local\Windows Live Writer
[2014/01/08 20:03:08 | 000,000,000 | R--D | C] -- C:\Users\Nigel\Dropbox
[2014/01/08 20:02:27 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Roaming\DropboxMaster
[2014/01/08 20:02:09 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/01/08 20:01:44 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Roaming\Dropbox
[2014/01/06 11:48:50 | 000,000,000 | ---D | C] -- C:\Users\Nigel\Desktop\NR
[2014/01/06 11:46:09 | 000,000,000 | ---D | C] -- C:\Users\Nigel\Desktop\Personal

========== Files - Modified Within 30 Days ==========

[2014/01/23 12:06:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/23 09:43:09 | 000,517,973 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2014/01/23 09:16:25 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/23 09:16:25 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/23 09:14:10 | 000,730,448 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/01/23 09:14:10 | 000,631,778 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/01/23 09:14:10 | 000,111,870 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/01/23 09:09:29 | 000,001,926 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
[2014/01/23 09:09:08 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/23 09:08:53 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/01/23 09:08:39 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/22 19:27:24 | 000,209,680 | ---- | M] () -- C:\Users\Nigel\Desktop\Measurements.pdf
[2014/01/22 19:26:17 | 000,205,157 | ---- | M] () -- C:\Users\Nigel\Documents\Scan0010.pdf
[2014/01/21 08:40:23 | 005,051,736 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/01/17 17:42:41 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/17 09:56:22 | 001,436,716 | ---- | M] () -- C:\Users\Nigel\Desktop\Rancher Wire Leaflet.pdf
[2014/01/17 09:48:41 | 000,000,394 | ---- | M] () -- C:\windows\tasks\MyTurboPC.job
[2014/01/13 20:49:03 | 000,046,315 | ---- | M] () -- C:\Users\Nigel\Desktop\Fear.jpg
[2014/01/12 20:35:55 | 000,190,120 | -H-- | M] () -- C:\windows\SysWow64\mlfcache.dat
[2014/01/12 20:20:14 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/08 20:03:08 | 000,001,039 | ---- | M] () -- C:\Users\Nigel\Desktop\Dropbox.lnk
[2014/01/08 20:02:32 | 000,001,049 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/01/07 10:27:49 | 000,725,962 | ---- | M] () -- C:\Users\Nigel\Desktop\Certified ID.pdf
[2014/01/07 10:25:05 | 000,721,435 | ---- | M] () -- C:\Users\Nigel\Documents\Scan0009.pdf
[2013/12/29 19:06:14 | 000,025,004 | ---- | M] () -- C:\Users\Nigel\Desktop\9 Nov to 9 Dec.pdf
[2013/12/29 19:05:29 | 000,029,908 | ---- | M] () -- C:\Users\Nigel\Desktop\10 Oct to 8 Nov.pdf
[2013/12/29 19:04:29 | 000,029,801 | ---- | M] () -- C:\Users\Nigel\Desktop\10 Sept to 9 Oct.pdf
[2013/12/29 19:02:35 | 000,136,798 | ---- | M] () -- C:\Users\Nigel\Desktop\Aug and Sept.pdf
[2013/12/29 19:01:41 | 000,132,274 | ---- | M] () -- C:\Users\Nigel\Documents\Scan0008.pdf

========== Files Created - No Company Name ==========

[2014/01/22 19:27:24 | 000,209,680 | ---- | C] () -- C:\Users\Nigel\Desktop\Measurements.pdf
[2014/01/22 19:26:16 | 000,205,157 | ---- | C] () -- C:\Users\Nigel\Documents\Scan0010.pdf
[2014/01/17 09:56:22 | 001,436,716 | ---- | C] () -- C:\Users\Nigel\Desktop\Rancher Wire Leaflet.pdf
[2014/01/13 20:49:02 | 000,046,315 | ---- | C] () -- C:\Users\Nigel\Desktop\Fear.jpg
[2014/01/12 20:35:55 | 000,190,120 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
[2014/01/12 20:20:13 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/08 20:03:08 | 000,001,039 | ---- | C] () -- C:\Users\Nigel\Desktop\Dropbox.lnk
[2014/01/08 20:02:30 | 000,001,049 | ---- | C] () -- C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/01/07 10:27:49 | 000,725,962 | ---- | C] () -- C:\Users\Nigel\Desktop\Certified ID.pdf
[2014/01/07 10:25:05 | 000,721,435 | ---- | C] () -- C:\Users\Nigel\Documents\Scan0009.pdf
[2013/12/29 19:06:14 | 000,025,004 | ---- | C] () -- C:\Users\Nigel\Desktop\9 Nov to 9 Dec.pdf
[2013/12/29 19:05:29 | 000,029,908 | ---- | C] () -- C:\Users\Nigel\Desktop\10 Oct to 8 Nov.pdf
[2013/12/29 19:04:29 | 000,029,801 | ---- | C] () -- C:\Users\Nigel\Desktop\10 Sept to 9 Oct.pdf
[2013/12/29 19:02:35 | 000,136,798 | ---- | C] () -- C:\Users\Nigel\Desktop\Aug and Sept.pdf
[2013/12/29 19:01:41 | 000,132,274 | ---- | C] () -- C:\Users\Nigel\Documents\Scan0008.pdf
[2013/06/15 08:56:23 | 000,423,709 | ---- | C] () -- C:\Users\Nigel\AppData\Local\mysearchdial_speedial_v9.0.2.crx
[2013/05/20 21:37:24 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/01/25 15:40:54 | 000,060,864 | ---- | C] () -- C:\Users\Nigel\g2mdlhlpx.exe
[2013/01/22 13:48:29 | 000,735,230 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/11/20 23:34:02 | 054,369,963 | ---- | C] () -- C:\Users\Nigel\AppData\Local\AdobeSetupUtility.zip.aamdownload
[2012/11/20 23:34:02 | 000,000,809 | ---- | C] () -- C:\Users\Nigel\AppData\Local\AdobeSetupUtility.zip.aamdownload.aamd
[2012/10/18 14:21:39 | 000,000,060 | ---- | C] () -- C:\windows\OfficeToAny.INI
[2012/10/18 14:20:30 | 000,000,020 | ---- | C] () -- C:\Users\Nigel\minitool.ini
[2012/06/21 22:01:42 | 000,000,000 | ---- | C] () -- C:\Users\Nigel\AppData\Local\{041F0B28-9E2C-4630-A526-81F6BF0039A4}
[2012/06/21 21:42:58 | 000,000,000 | ---- | C] () -- C:\Users\Nigel\AppData\Local\{0D615036-16C7-455C-97BB-9BF1BDB2E25D}
[2012/06/21 19:50:16 | 000,017,408 | ---- | C] () -- C:\Users\Nigel\AppData\Local\WebpageIcons.db
[2012/03/17 12:31:08 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2012/03/17 12:31:08 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2012/03/17 12:15:38 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2012/03/17 12:15:38 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2012/03/17 12:15:38 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2012/03/17 12:15:38 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2012/03/17 12:15:33 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2012/03/17 12:08:37 | 000,001,803 | ---- | C] () -- C:\windows\vm331Rmv.ini
[2012/03/17 12:08:37 | 000,001,803 | ---- | C] () -- C:\windows\SysWow64\vm331Rmv.ini
[2012/03/17 12:05:51 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2012/03/17 11:54:34 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/03/17 11:54:33 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/03/17 11:54:32 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/11 20:22:47 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\DriverCure
[2014/01/23 09:10:04 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\Dropbox
[2014/01/08 20:03:08 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\DropboxMaster
[2013/10/11 20:22:46 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\MyTurboPC.com
[2014/01/23 09:09:31 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\newnext.me
[2012/11/21 07:22:24 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\PDAppFlex
[2014/01/23 09:10:26 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\Spotify
[2012/10/18 21:04:15 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/01/22 15:37:11 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\TeamViewer
[2014/01/12 20:07:56 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\Windows Live Writer
[2014/01/17 10:47:37 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\Zeon

========== Purity Check ==========



< End of report >
  • 0


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's try this and see what the upshot is :)

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons. They will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
IE:64bit: - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://start.mysearc...r=839826918&ir=
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantas...q={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://start.mysearc...r=839826918&ir=
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantas...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantas...q={searchTerms}
IE - HKCU\..\SearchScopes\{E9D0035C-030C-4B8E-B51E-C4710B3BBE36}: "URL" = http://search.condui...&ctid=CT2896708
[2013/06/15 08:56:18 | 000,000,000 | ---D | M] ("MySearchDial" />) -- C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [SpeetItUpFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe" File not found
O4 - HKCU..\Run: [NextLive] C:\Users\Nigel\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
[2014/01/17 10:39:17 | 000,000,000 | ---D | C] -- C:\Users\Nigel\Documents\Optimizer Pro
[2014/01/17 10:34:32 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Roaming\newnext.me
[2014/01/17 10:34:31 | 000,000,000 | ---D | C] -- C:\Users\Nigel\Documents\Mobogenie
[2014/01/17 10:34:31 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Local\Mobogenie
[2014/01/17 10:34:31 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Local\genienext
[2014/01/17 10:33:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[2013/10/11 20:22:46 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\MyTurboPC.com
[2013/06/15 08:56:23 | 000,423,709 | ---- | C] () -- C:\Users\Nigel\AppData\Local\mysearchdial_speedial_v9.0.2.crx
[2014/01/17 09:48:41 | 000,000,394 | ---- | M] () -- C:\windows\tasks\MyTurboPC.job

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

FINALLY

Please download Junkware Removal Tool to your desktop.
  • Right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system.
  • Please be patient, as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • 0

#3
nfir33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Hi Essexboy
Firstly, thanks for getting back to me. Your help is much appreciated.
Got 2 things to post. 1st log from OTL when it finished running before reboot and then next log on reboot and running OTL again.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9D0035C-030C-4B8E-B51E-C4710B3BBE36}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9D0035C-030C-4B8E-B51E-C4710B3BBE36}\ not found.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\images\defavs folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\images folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\icons folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin\css folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\skin folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\modules\data folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\modules folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\tr folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\pt_BR folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\pl folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\nl folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\ja folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\it folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\hi folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\fr folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\es folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\en-US folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\de folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale\ar folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\locale folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\defaults\preferences folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\defaults folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\scripts\resources folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\scripts folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\plugins\tabs folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\plugins\readitlater\images folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\plugins\readitlater folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\plugins\favorites\images folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\plugins\favorites\gallery\images folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\plugins\favorites\gallery folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\plugins\favorites folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\plugins folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\images folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\external folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\defaults\favs folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\defaults folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content\css folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\content folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}\components folder moved successfully.
C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} folder moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpeetItUpFree deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive deleted successfully.
C:\Users\Nigel\AppData\Roaming\newnext.me\nengine.dll moved successfully.
C:\Users\Nigel\Documents\Optimizer Pro folder moved successfully.
C:\Users\Nigel\AppData\Roaming\newnext.me\cache folder moved successfully.
C:\Users\Nigel\AppData\Roaming\newnext.me folder moved successfully.
C:\Users\Nigel\Documents\Mobogenie folder moved successfully.
C:\Users\Nigel\AppData\Local\Mobogenie\driver folder moved successfully.
C:\Users\Nigel\AppData\Local\Mobogenie\Download\Video folder moved successfully.
C:\Users\Nigel\AppData\Local\Mobogenie\Download\Picture folder moved successfully.
C:\Users\Nigel\AppData\Local\Mobogenie\Download\Music folder moved successfully.
C:\Users\Nigel\AppData\Local\Mobogenie\Download\Apk folder moved successfully.
C:\Users\Nigel\AppData\Local\Mobogenie\Download folder moved successfully.
C:\Users\Nigel\AppData\Local\Mobogenie\device folder moved successfully.
C:\Users\Nigel\AppData\Local\Mobogenie\Data folder moved successfully.
C:\Users\Nigel\AppData\Local\Mobogenie\backup folder moved successfully.
C:\Users\Nigel\AppData\Local\Mobogenie folder moved successfully.
C:\Users\Nigel\AppData\Local\genienext folder moved successfully.
C:\Program Files (x86)\Mobogenie folder moved successfully.
C:\Users\Nigel\AppData\Roaming\MyTurboPC.com\MyTurboPC folder moved successfully.
C:\Users\Nigel\AppData\Roaming\MyTurboPC.com folder moved successfully.
C:\Users\Nigel\AppData\Local\mysearchdial_speedial_v9.0.2.crx moved successfully.
C:\Windows\Tasks\MyTurboPC.job moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nigel
->Temp folder emptied: 479365722 bytes
->Temporary Internet Files folder emptied: 912483597 bytes
->Java cache emptied: 137048 bytes
->Google Chrome cache emptied: 307224891 bytes
->Flash cache emptied: 21211 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 791693724 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78039 bytes
RecycleBin emptied: 2356745588 bytes

Total Files Cleaned = 4,623.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01232014_163501

Files\Folders moved on Reboot...
C:\Users\Nigel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Nigel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{55ACBE5B-50B3-4E12-87E5-1F25573A4895}.tmp not found!
File\Folder C:\Users\Nigel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{61E46D3A-9A6E-4609-983F-193D786043FC}.tmp not found!
C:\Users\Nigel\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...





  • 0

#4
nfir33

nfir33

    Member

  • Topic Starter
  • Member
  • 51 posts
Hi Essexboy
Adwcleaner report

# AdwCleaner v3.017 - Report created 23/01/2014 at 17:11:30
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Nigel - NIGEL-PC
# Running from : C:\Users\Nigel\Downloads\AdwCleaner (2).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Computer Updater
Folder Deleted : C:\Program Files (x86)\FirstRowSportApp.com
Folder Deleted : C:\Users\Nigel\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Nigel\AppData\Roaming\newnext.me
File Deleted : C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0,[slws][slns]\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0,[slws][slns]\user.js
File Deleted : C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Deleted : C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
File Deleted : C:\windows\System32\Tasks\MyTurboPC

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kkfggacklibaabdomphfdpcodjgihgon
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Computer Updater

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v

[ File : C:\Users\Nigel\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0,[slws][slns]\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");

-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4557 octets] - [23/01/2014 17:05:07]
AdwCleaner[S0].txt - [4361 octets] - [23/01/2014 17:11:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4421 octets] ##########
  • 0

#5
nfir33

nfir33

    Member

  • Topic Starter
  • Member
  • 51 posts
And finally, last log

  • 0

#6
nfir33

nfir33

    Member

  • Topic Starter
  • Member
  • 51 posts
Hi Essexboy
Last log
Let me know your thoughts and I'll carry out anything that still needs to be done.
Thanks


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Nigel on 23/01/2014 at 17:20:13.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-886349647-2626006078-2095332872-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Nigel\appdata\local\cre"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/01/2014 at 17:28:26.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Well, that cleared a tad of rubbish... Next, how is the computer behaving?

Download aswMBR.exe (4.5 MB) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.



On completion of the scan, click Save Log, save it to your desktop and post it in your next reply.
  • 0

#8
nfir33

nfir33

    Member

  • Topic Starter
  • Member
  • 51 posts
Hi Essexboy
I ran the MBR and first time round the laptop shut itself down and then came back on saying a lead wasn't connected, press any key. I tried doing that and we were in a loop, so I shut it down. Strange!
Anyway, here is the log:
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-23 17:57:08
-----------------------------
17:57:08.668 OS Version: Windows x64 6.1.7601 Service Pack 1
17:57:08.668 Number of processors: 4 586 0x2A07
17:57:08.670 ComputerName: NIGEL-PC UserName: Nigel
17:57:10.146 Initialize success
17:57:29.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:57:29.161 Disk 0 Vendor: ST500LM0 2AR1 Size: 476940MB BusType: 3
17:57:29.470 Disk 0 MBR read successfully
17:57:29.475 Disk 0 MBR scan
17:57:29.480 Disk 0 Windows 7 default MBR code
17:57:29.495 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
17:57:29.502 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 431938 MB offset 411648
17:57:29.507 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 885020672
17:57:29.535 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 945829888
17:57:29.627 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 885022720
17:57:29.777 Disk 0 scanning C:\windows\system32\drivers
17:57:42.845 Service scanning
17:57:46.349 Service BHDrvx64 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20140115.011\BHDrvx64.sys **LOCKED** 5
17:57:49.227 Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
17:57:49.895 Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
17:57:51.453 Service IDSVia64 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20140122.001\IDSvia64.sys **LOCKED** 5
17:57:53.665 Service NAVENG C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20140122.009\ENG64.SYS **LOCKED** 5
17:57:53.739 Service NAVEX15 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20140122.009\EX64.SYS **LOCKED** 5
17:57:57.066 Service SRTSPX C:\windows\system32\Drivers\SEP\0C01044D\0191.105\x64\SRTSPX64.SYS **LOCKED** 5
17:57:57.493 Service SyDvCtrl C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\SyDvCtrl64.sys **LOCKED** 5
17:57:57.549 Service SymDS C:\windows\system32\Drivers\SEP\0C01044D\0191.105\x64\SYMDS64.SYS **LOCKED** 5
17:57:57.609 Service SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS **LOCKED** 5
17:57:57.657 Service SymIRON C:\windows\system32\Drivers\SEP\0C01044D\0191.105\x64\Ironx64.SYS **LOCKED** 5
17:57:57.709 Service SYMNETS C:\windows\system32\Drivers\SEP\0C01044D\0191.105\x64\SYMNETS.SYS **LOCKED** 5
17:57:57.853 Service SysPlant C:\windows\system32\Drivers\SysPlant.sys **LOCKED** 5
17:57:58.458 Service Teefer2 C:\windows\system32\DRIVERS\Teefer.sys **LOCKED** 5
17:58:01.612 Modules scanning
17:58:01.633 Disk 0 trace - called modules:
17:58:01.669 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:58:01.677 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065ff060]
17:58:01.685 3 CLASSPNP.SYS[fffff880015c643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80047ba050]
17:58:01.693 Scan finished successfully
17:58:29.470 Disk 0 MBR has been saved successfully to "C:\Users\Nigel\Desktop\MBR.dat"
17:58:29.477 The log file has been saved successfully to "C:\Users\Nigel\Desktop\aswMBR.txt"
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, what problems are currently outstanding?
  • 0

#10
nfir33

nfir33

    Member

  • Topic Starter
  • Member
  • 51 posts
Hi Essexboy
I think that is us all sorted, apart from the laptop going straight to optimising mode on boot up, which it doesn't normally do.
Apart from that, things seem much faster.
Thanks so much for your help, it is very much appreciated.

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Does this appear on every boot? Optimising mode, and is it a normal(ish) process?

#12
nfir33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Hi
No it shouldn't appear each time.
It seems to be acting up a bit still. Email is taking longer to load and web pages

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's have a look see

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Attach the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

THEN

There will be just one log this time

  • Run OTL.
  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    /md5start
    rpcss.dll
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Attach both logs


#14
nfir33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.23.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Nigel :: NIGEL-PC [administrator]

Protection: Enabled

23/01/2014 19:07:31
mbam-log-2014-01-23 (19-07-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209503
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 18
C:\Users\Nigel\Downloads\FirstRowSportApps_Setup55 (1).exe (PUP.BundleInstaller.DW) -> Quarantined and deleted successfully.
C:\Users\Nigel\Downloads\FirstRowSportApps_Setup55 (2).exe (PUP.BundleInstaller.DW) -> Quarantined and deleted successfully.
C:\Users\Nigel\Downloads\FirstRowSportApps_Setup55.exe (PUP.BundleInstaller.DW) -> Quarantined and deleted successfully.
C:\Users\Nigel\Downloads\FLVPlayerSetup.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\Nigel\Downloads\FreeFileViewer2012Setup.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\Nigel\Downloads\freefileviewer_730.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\Nigel\Downloads\iLividSetup-r367-n-bc (1).exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Nigel\Downloads\iLividSetup-r367-n-bc.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Nigel\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> Quarantined and deleted successfully.
C:\Users\Nigel\Downloads\video-media-download_setup (1).exe (PUP.Downware) -> Quarantined and deleted successfully.
C:\Users\Nigel\Downloads\video-media-download_setup (2).exe (PUP.Downware) -> Quarantined and deleted successfully.
C:\Users\Nigel\Downloads\video-media-download_setup (3).exe (PUP.Downware) -> Quarantined and deleted successfully.
C:\Users\Nigel\Downloads\video-media-download_setup.exe (PUP.Downware) -> Quarantined and deleted successfully.
C:\Users\Nigel\Downloads\xvidly_setup (1).exe (PUP.Downware) -> Quarantined and deleted successfully.
C:\Users\Nigel\Downloads\xvidly_setup (2).exe (PUP.Downware) -> Quarantined and deleted successfully.
C:\Users\Nigel\Downloads\xvidly_setup (3).exe (PUP.Downware) -> Quarantined and deleted successfully.
C:\Users\Nigel\Downloads\xvidly_setup (4).exe (PUP.Downware) -> Quarantined and deleted successfully.
C:\Users\Nigel\Downloads\xvidly_setup.exe (PUP.Downware) -> Quarantined and deleted successfully.

(end)

#15
nfir33

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Hi Essexboy
Can't find the other log, but here is the OTL.txt

OTL logfile created on: 23/01/2014 19:21:38 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nigel\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.95 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 40.74% Memory free
7.89 Gb Paging File | 5.41 Gb Available in Paging File | 68.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421.81 Gb Total Space | 359.96 Gb Free Space | 85.34% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 27.46 Gb Free Space | 94.69% Space Free | Partition Type: NTFS

Computer Name: NIGEL-PC | User Name: Nigel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/23 19:20:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nigel\Downloads\OTL (5).exe
PRC - [2014/01/11 10:29:23 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/01/03 00:32:12 | 033,508,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nigel\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/16 19:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/03 13:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/07/10 16:07:57 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\Nigel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/14 09:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/05/02 12:52:25 | 000,137,208 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe
PRC - [2012/03/17 12:15:35 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011/06/15 11:46:52 | 000,548,864 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331_STI.EXE
PRC - [2011/02/18 08:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/02/18 08:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/28 23:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010/12/21 02:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/21 02:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/23 19:16:17 | 000,041,984 | ---- | M] () -- c:\Users\Nigel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi_t8ny.dll
MOD - [2014/01/11 10:29:21 | 000,399,640 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppgooglenaclpluginchrome.dll
MOD - [2014/01/11 10:29:17 | 004,055,320 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
MOD - [2014/01/11 10:28:15 | 000,715,544 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
MOD - [2014/01/11 10:28:14 | 000,100,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll
MOD - [2014/01/11 10:28:11 | 001,634,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
MOD - [2013/12/18 02:25:54 | 003,610,624 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 23:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/10/10 08:56:41 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 08:56:20 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/10 08:56:17 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/10 08:45:01 | 013,199,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\485a21406ce7d08fe6cf0b40b706f460\System.Windows.Forms.ni.dll
MOD - [2013/10/10 08:45:01 | 001,616,896 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\8adddb7705138735c42f6765e02f1736\Microsoft.CSharp.ni.dll
MOD - [2013/10/10 08:45:00 | 000,377,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\42b6b61b296d7a6360476d76bbaddfef\System.Dynamic.ni.dll
MOD - [2013/10/10 08:44:59 | 007,070,720 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\7ece4823b0e12cae58be346bbc3cdeac\System.Core.ni.dll
MOD - [2013/09/13 07:15:28 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/14 19:09:03 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\aabbed019df19cbda3b3dfb80fa98bf0\IAStorUtil.ni.dll
MOD - [2013/08/14 16:26:50 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 16:26:29 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/14 16:26:24 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/08/13 21:13:48 | 001,667,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\7e3570a0cc71998e14e7adb8e4ea0cbb\System.Drawing.ni.dll
MOD - [2013/08/13 21:13:45 | 009,099,776 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\fc16a5cafc433e6d942e9bd5b14fbeaf\System.ni.dll
MOD - [2013/07/20 20:34:12 | 000,194,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\a3d4488653ed969fd7acbf06b611994e\CustomMarshalers.ni.dll
MOD - [2013/07/20 20:30:52 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\8fae59a3cc25d36da6f7f85ef16e441c\IAStorCommon.ni.dll
MOD - [2013/07/11 22:25:48 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/11 22:14:19 | 014,418,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c799474a067f07ef3a167d75029fa012\mscorlib.ni.dll
MOD - [2013/07/10 17:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2012/05/30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/03/17 12:15:35 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2011/06/22 10:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2009/02/26 12:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 09:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/12/16 19:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/12/16 19:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/03 13:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/14 09:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/05/02 12:52:30 | 000,325,040 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\snac64.exe -- (SNAC)
SRV - [2012/05/02 12:52:29 | 002,601,544 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe -- (SmcService)
SRV - [2012/05/02 12:52:25 | 000,137,208 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2011/02/18 08:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/21 02:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/21 02:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/22 15:11:25 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/06/22 15:10:46 | 000,119,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SysPlant.sys -- (SysPlant)
DRV:64bit: - [2012/05/02 12:52:48 | 000,932,472 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2012/05/02 12:52:48 | 000,678,008 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/05/02 12:52:48 | 000,451,192 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\SymDS64.sys -- (SymDS)
DRV:64bit: - [2012/05/02 12:52:48 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\symnets.sys -- (SYMNETS)
DRV:64bit: - [2012/05/02 12:52:48 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/05/02 12:52:48 | 000,062,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Teefer.sys -- (Teefer2)
DRV:64bit: - [2012/05/02 12:52:48 | 000,039,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SEP\0C01044D\0191.105\x64\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/04/25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/17 12:26:06 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012/03/17 12:26:04 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012/03/17 12:23:22 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012/03/17 12:23:22 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/29 03:23:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/29 03:23:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/15 03:51:18 | 000,250,752 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2011/04/08 01:59:58 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/25 10:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/10 09:01:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/18 08:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/28 23:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/28 10:16:24 | 004,716,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/10/21 06:57:30 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 17:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/30 08:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/08/16 09:28:50 | 000,008,320 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmuvcflt.sys -- (vmuvcflt)
DRV:64bit: - [2009/07/21 14:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 20:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/05/14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/01/16 01:45:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV - [2014/01/15 22:38:40 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20140122.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/12/18 00:32:31 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20140115.011\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/12/14 13:36:25 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/11/25 20:46:01 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/11/20 20:04:14 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20140122.009\ex64.sys -- (NAVEX15)
DRV - [2013/11/20 20:04:14 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20140122.009\eng64.sys -- (NAVENG)
DRV - [2012/05/02 12:52:48 | 000,029,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\SyDvCtrl64.sys -- (SyDvCtrl)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7BFFD145-2436-1706-790C-75CBE16BB935}
IE:64bit: - HKLM\..\SearchScopes\{7BFFD145-2436-1706-790C-75CBE16BB935}: "URL" = http://www.google.co...ng}&rlz=1I7XXXX
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{29F4B99B-54AF-B487-E175-07D128F1A77B}: "URL" = http://www.google.co...ng}&rlz=1I7XXXX


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-886349647-2626006078-2095332872-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-886349647-2626006078-2095332872-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-886349647-2626006078-2095332872-1000\..\SearchScopes\{7BFFD145-2436-1706-790C-75CBE16BB935}: "URL" = http://www.google.co...1I7DSGQ_enGB492
IE - HKU\S-1-5-21-886349647-2626006078-2095332872-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-886349647-2626006078-2095332872-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\IPSFF [2013/12/14 21:17:01 | 000,000,000 | ---D | M]

[2014/01/23 16:35:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nigel\AppData\Roaming\mozilla\firefox\profiles\[ofr2][opt]rs0,[slws][slns]\extensions
[2013/06/09 11:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Skype Click to Call = C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Google Wallet = C:\Users\Nigel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

O1 HOSTS File: ([2014/01/23 16:35:47 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKU\S-1-5-21-886349647-2626006078-2095332872-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-886349647-2626006078-2095332872-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-886349647-2626006078-2095332872-1000..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-886349647-2626006078-2095332872-1000..\Run: [Spotify] C:\Users\Nigel\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-886349647-2626006078-2095332872-1000..\Run: [Spotify Web Helper] C:\Users\Nigel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nigel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{504BD617-43DF-4C30-9737-FFED75F8B869}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{504BD617-43DF-4C30-9737-FFED75F8B869}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D321C99C-E93D-4C84-8358-D79D44D14242}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D321C99C-E93D-4C84-8358-D79D44D14242}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SEP: DllName - (C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/01/23 19:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/23 19:03:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/01/23 19:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/23 17:20:11 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/01/23 17:04:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/23 16:35:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/17 10:41:39 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Roaming\FLEXnet
[2014/01/17 10:40:54 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Roaming\Zeon
[2014/01/17 10:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2014/01/17 10:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2014/01/17 10:36:05 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Local\Downloaded Installations
[2014/01/17 10:34:35 | 000,000,000 | ---D | C] -- C:\Users\Nigel\.android
[2014/01/17 10:34:33 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Local\cache
[2014/01/15 20:51:51 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbport.sys
[2014/01/15 20:51:51 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbd.sys
[2014/01/15 20:46:26 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys
[2014/01/12 20:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/01/12 20:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/01/12 20:19:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/01/12 20:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/01/12 20:08:08 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Local\{1FA49673-72DC-4DB4-8524-33CFD2238583}
[2014/01/12 20:07:56 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Roaming\Windows Live Writer
[2014/01/12 20:07:56 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Local\Windows Live Writer
[2014/01/08 20:03:08 | 000,000,000 | R--D | C] -- C:\Users\Nigel\Dropbox
[2014/01/08 20:02:27 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Roaming\DropboxMaster
[2014/01/08 20:02:09 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/01/08 20:01:44 | 000,000,000 | ---D | C] -- C:\Users\Nigel\AppData\Roaming\Dropbox
[2014/01/06 11:48:50 | 000,000,000 | ---D | C] -- C:\Users\Nigel\Desktop\NR
[2014/01/06 11:46:09 | 000,000,000 | ---D | C] -- C:\Users\Nigel\Desktop\Personal

========== Files - Modified Within 30 Days ==========

[2014/01/23 19:22:44 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/23 19:22:44 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/23 19:20:24 | 000,730,448 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/01/23 19:20:24 | 000,631,778 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/01/23 19:20:24 | 000,111,870 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/01/23 19:16:21 | 000,521,223 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2014/01/23 19:16:03 | 000,001,926 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
[2014/01/23 19:15:58 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/23 19:15:12 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/01/23 19:15:01 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/23 19:06:01 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/23 19:03:18 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/23 17:58:29 | 000,000,512 | ---- | M] () -- C:\Users\Nigel\Desktop\MBR.dat
[2014/01/23 16:35:47 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2014/01/22 19:27:24 | 000,209,680 | ---- | M] () -- C:\Users\Nigel\Desktop\Measurements.pdf
[2014/01/22 19:26:17 | 000,205,157 | ---- | M] () -- C:\Users\Nigel\Documents\Scan0010.pdf
[2014/01/21 08:40:23 | 005,051,736 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/01/17 17:42:41 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/17 09:56:22 | 001,436,716 | ---- | M] () -- C:\Users\Nigel\Desktop\Rancher Wire Leaflet.pdf
[2014/01/13 20:49:03 | 000,046,315 | ---- | M] () -- C:\Users\Nigel\Desktop\Fear.jpg
[2014/01/12 20:35:55 | 000,190,120 | -H-- | M] () -- C:\windows\SysWow64\mlfcache.dat
[2014/01/12 20:20:14 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/08 20:03:08 | 000,001,039 | ---- | M] () -- C:\Users\Nigel\Desktop\Dropbox.lnk
[2014/01/08 20:02:32 | 000,001,049 | ---- | M] () -- C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/01/07 10:27:49 | 000,725,962 | ---- | M] () -- C:\Users\Nigel\Desktop\Certified ID.pdf
[2014/01/07 10:25:05 | 000,721,435 | ---- | M] () -- C:\Users\Nigel\Documents\Scan0009.pdf
[2013/12/29 19:06:14 | 000,025,004 | ---- | M] () -- C:\Users\Nigel\Desktop\9 Nov to 9 Dec.pdf
[2013/12/29 19:05:29 | 000,029,908 | ---- | M] () -- C:\Users\Nigel\Desktop\10 Oct to 8 Nov.pdf
[2013/12/29 19:04:29 | 000,029,801 | ---- | M] () -- C:\Users\Nigel\Desktop\10 Sept to 9 Oct.pdf
[2013/12/29 19:02:35 | 000,136,798 | ---- | M] () -- C:\Users\Nigel\Desktop\Aug and Sept.pdf
[2013/12/29 19:01:41 | 000,132,274 | ---- | M] () -- C:\Users\Nigel\Documents\Scan0008.pdf

========== Files Created - No Company Name ==========

[2014/01/23 19:03:18 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/23 17:58:29 | 000,000,512 | ---- | C] () -- C:\Users\Nigel\Desktop\MBR.dat
[2014/01/22 19:27:24 | 000,209,680 | ---- | C] () -- C:\Users\Nigel\Desktop\Measurements.pdf
[2014/01/22 19:26:16 | 000,205,157 | ---- | C] () -- C:\Users\Nigel\Documents\Scan0010.pdf
[2014/01/17 09:56:22 | 001,436,716 | ---- | C] () -- C:\Users\Nigel\Desktop\Rancher Wire Leaflet.pdf
[2014/01/13 20:49:02 | 000,046,315 | ---- | C] () -- C:\Users\Nigel\Desktop\Fear.jpg
[2014/01/12 20:35:55 | 000,190,120 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
[2014/01/12 20:20:13 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/08 20:03:08 | 000,001,039 | ---- | C] () -- C:\Users\Nigel\Desktop\Dropbox.lnk
[2014/01/08 20:02:30 | 000,001,049 | ---- | C] () -- C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/01/07 10:27:49 | 000,725,962 | ---- | C] () -- C:\Users\Nigel\Desktop\Certified ID.pdf
[2014/01/07 10:25:05 | 000,721,435 | ---- | C] () -- C:\Users\Nigel\Documents\Scan0009.pdf
[2013/12/29 19:06:14 | 000,025,004 | ---- | C] () -- C:\Users\Nigel\Desktop\9 Nov to 9 Dec.pdf
[2013/12/29 19:05:29 | 000,029,908 | ---- | C] () -- C:\Users\Nigel\Desktop\10 Oct to 8 Nov.pdf
[2013/12/29 19:04:29 | 000,029,801 | ---- | C] () -- C:\Users\Nigel\Desktop\10 Sept to 9 Oct.pdf
[2013/12/29 19:02:35 | 000,136,798 | ---- | C] () -- C:\Users\Nigel\Desktop\Aug and Sept.pdf
[2013/12/29 19:01:41 | 000,132,274 | ---- | C] () -- C:\Users\Nigel\Documents\Scan0008.pdf
[2013/05/20 21:37:24 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/01/25 15:40:54 | 000,060,864 | ---- | C] () -- C:\Users\Nigel\g2mdlhlpx.exe
[2013/01/22 13:48:29 | 000,735,230 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/11/20 23:34:02 | 054,369,963 | ---- | C] () -- C:\Users\Nigel\AppData\Local\AdobeSetupUtility.zip.aamdownload
[2012/11/20 23:34:02 | 000,000,809 | ---- | C] () -- C:\Users\Nigel\AppData\Local\AdobeSetupUtility.zip.aamdownload.aamd
[2012/10/18 14:21:39 | 000,000,060 | ---- | C] () -- C:\windows\OfficeToAny.INI
[2012/10/18 14:20:30 | 000,000,020 | ---- | C] () -- C:\Users\Nigel\minitool.ini
[2012/06/21 22:01:42 | 000,000,000 | ---- | C] () -- C:\Users\Nigel\AppData\Local\{041F0B28-9E2C-4630-A526-81F6BF0039A4}
[2012/06/21 21:42:58 | 000,000,000 | ---- | C] () -- C:\Users\Nigel\AppData\Local\{0D615036-16C7-455C-97BB-9BF1BDB2E25D}
[2012/06/21 19:50:16 | 000,017,408 | ---- | C] () -- C:\Users\Nigel\AppData\Local\WebpageIcons.db
[2012/03/17 12:31:08 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2012/03/17 12:31:08 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2012/03/17 12:15:38 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2012/03/17 12:15:38 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2012/03/17 12:15:38 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2012/03/17 12:15:38 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2012/03/17 12:15:33 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2012/03/17 12:08:37 | 000,001,803 | ---- | C] () -- C:\windows\vm331Rmv.ini
[2012/03/17 12:08:37 | 000,001,803 | ---- | C] () -- C:\windows\SysWow64\vm331Rmv.ini
[2012/03/17 12:05:51 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2012/03/17 11:54:34 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/03/17 11:54:33 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/03/17 11:54:32 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/01/23 19:16:32 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\Dropbox
[2014/01/08 20:03:08 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\DropboxMaster
[2012/11/21 07:22:24 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\PDAppFlex
[2014/01/23 19:16:16 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\Spotify
[2012/10/18 21:04:15 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/01/22 15:37:11 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\TeamViewer
[2014/01/12 20:07:56 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\Windows Live Writer
[2014/01/17 10:47:37 | 000,000,000 | ---D | M] -- C:\Users\Nigel\AppData\Roaming\Zeon

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/14 01:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 05:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 01:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/21 03:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/21 03:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/25 01:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 01:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 01:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 22:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 05:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/09 04:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/21 03:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/21 03:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 03:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/09/29 03:19:15 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 01:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 01:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 01:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 01:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/21 03:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/14 01:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 01:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 01:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 01:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 01:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 17:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 01:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/09/29 03:21:47 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 06:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/25 01:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 01:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/21 03:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/21 03:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/21 03:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/25 01:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/14 01:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/21 03:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/21 03:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 03:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/21 03:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/21 03:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 03:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 01:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 05:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/21 03:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/21 03:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/21 03:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/21 03:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/21 03:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/21 03:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/21 03:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/21 03:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/21 03:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 01:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 22:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/21 03:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 01:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/21 03:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< c:\program files (x86)\Google\Desktop >
[2009/07/14 05:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009/07/14 05:08:49 | 000,032,620 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012/03/17 12:21:33 | 000,000,908 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/03/17 12:21:33 | 000,000,912 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

< c:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 32A7-3FCB
Directory of C:\
14/07/2009 05:08 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
14/07/2009 05:08 <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 05:08 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 05:08 <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 05:08 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 05:08 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 05:08 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\ProgramData\Symantec\Symantec Endpoint Protection
22/06/2012 15:11 <JUNCTION> CurrentVersion [\??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105]
0 File(s) 0 bytes
Directory of C:\Users
14/07/2009 05:08 <SYMLINKD> All Users [C:\ProgramData]
14/07/2009 05:08 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
14/07/2009 05:08 <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 05:08 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 05:08 <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 05:08 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 05:08 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 05:08 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\All Users\Symantec\Symantec Endpoint Protection
22/06/2012 15:11 <JUNCTION> CurrentVersion [\??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105]
0 File(s) 0 bytes
Directory of C:\Users\Default
14/07/2009 05:08 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 05:08 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009 05:08 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 05:08 <JUNCTION> My Documents [C:\Users\Default\Documents]
14/07/2009 05:08 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 05:08 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 05:08 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 05:08 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 05:08 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 05:08 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
14/07/2009 05:08 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
14/07/2009 05:08 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 05:08 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
14/07/2009 05:08 <JUNCTION> My Music [C:\Users\Default\Music]
14/07/2009 05:08 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
14/07/2009 05:08 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Nigel
21/06/2012 18:20 <JUNCTION> Application Data [C:\Users\Nigel\AppData\Roaming]
21/06/2012 18:20 <JUNCTION> Cookies [C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Cookies]
21/06/2012 18:20 <JUNCTION> Local Settings [C:\Users\Nigel\AppData\Local]
21/06/2012 18:20 <JUNCTION> My Documents [C:\Users\Nigel\Documents]
21/06/2012 18:20 <JUNCTION> NetHood [C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
21/06/2012 18:20 <JUNCTION> PrintHood [C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
21/06/2012 18:20 <JUNCTION> Recent [C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Recent]
21/06/2012 18:20 <JUNCTION> SendTo [C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\SendTo]
21/06/2012 18:20 <JUNCTION> Start Menu [C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Start Menu]
21/06/2012 18:20 <JUNCTION> Templates [C:\Users\Nigel\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Nigel\AppData\Local
21/06/2012 18:20 <JUNCTION> Application Data [C:\Users\Nigel\AppData\Local]
21/06/2012 18:20 <JUNCTION> History [C:\Users\Nigel\AppData\Local\Microsoft\Windows\History]
21/06/2012 18:20 <JUNCTION> Temporary Internet Files [C:\Users\Nigel\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Nigel\Documents
21/06/2012 18:20 <JUNCTION> My Music [C:\Users\Nigel\Music]
21/06/2012 18:20 <JUNCTION> My Pictures [C:\Users\Nigel\Pictures]
21/06/2012 18:20 <JUNCTION> My Videos [C:\Users\Nigel\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
14/07/2009 05:08 <JUNCTION> My Music [C:\Users\Public\Music]
14/07/2009 05:08 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
14/07/2009 05:08 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
52 Dir(s) 386,402,332,672 bytes free

< MD5 for: RPCSS.DLL >
[2010/11/21 03:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\windows\SysNative\rpcss.dll
[2010/11/21 03:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll

< End of report >