i had four icon appear on my desktop that i didnt place there
and ive had a crazy amount of popups
1reg clean pro
2optimizer pro
3system speedup
4advanced system
im including a otl log in the next post
thanks for any help you can give
multiple malware infections that arent on list of known malware infect
Started by
noluv
, Mar 28 2014 07:08 AM
-
This topic is locked
#2
Posted 28 March 2014 - 08:01 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Hi those are the type of programmes that are bundled with free software. Once I see the OTL log we can commence cleaning
#3
Posted 29 March 2014 - 10:52 AM
noluv
- Topic Starter
-
- Member
-
- 123 posts
Member
OTL logfile created on: 3/28/2014 9:14:49 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\media\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
12.00 Gb Total Physical Memory | 9.23 Gb Available Physical Memory | 76.96% Memory free
23.99 Gb Paging File | 20.37 Gb Available in Paging File | 84.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.11 Gb Total Space | 29.41 Gb Free Space | 12.67% Space Free | Partition Type: NTFS
Drive E: | 931.32 Gb Total Space | 513.28 Gb Free Space | 55.11% Space Free | Partition Type: NTFS
Computer Name: MEDIA-SERVER | User Name: media | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/03/28 09:14:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\media\Downloads\OTL(1).exe
PRC - [2014/03/11 17:19:12 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
PRC - [2014/01/22 13:47:36 | 001,102,656 | ---- | M] (SAMSUNG Electornics Co., Ltd.) -- C:\Users\media\AppData\Roaming\Verizon\UA_ar\UA.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/13 17:53:26 | 007,833,176 | ---- | M] (System Speedup) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
PRC - [2013/12/12 10:00:42 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/11/20 16:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/10/27 10:12:26 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/10/23 04:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/10/01 20:09:06 | 000,928,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2013/10/01 20:08:24 | 000,153,992 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
PRC - [2013/10/01 20:08:04 | 000,395,656 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2013/10/01 16:29:04 | 001,505,608 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
PRC - [2013/08/09 14:53:42 | 000,054,152 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2013/03/27 10:31:55 | 005,571,184 | ---- | M] (Tific) -- C:\Program Files (x86)\Tific\Tific Client G1\TiFiC.exe
PRC - [2012/04/03 13:33:00 | 000,940,168 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
PRC - [2012/04/03 13:27:16 | 001,087,608 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
PRC - [2012/04/03 13:26:14 | 001,273,448 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
PRC - [2012/03/28 08:49:11 | 000,140,456 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2012/03/26 17:35:16 | 000,449,168 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2011/12/08 16:53:32 | 008,364,288 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
PRC - [2011/12/07 18:31:00 | 000,303,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2011/03/09 00:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2011/03/09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/07/06 15:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
========== Modules (No Company Name) ==========
MOD - [2014/03/24 19:04:46 | 002,961,368 | ---- | M] () -- c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
MOD - [2014/03/11 17:19:10 | 016,276,872 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
MOD - [2014/02/27 04:06:16 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/02/27 04:06:15 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/02/27 04:03:28 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/27 04:03:24 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/27 04:03:23 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\966f64a25064fe74936295dc06ec586e\System.Runtime.Remoting.ni.dll
MOD - [2014/02/27 04:03:22 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/27 04:03:18 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/27 04:03:17 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/27 04:03:14 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/27 04:03:13 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/27 04:03:12 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/27 04:03:11 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/27 04:03:11 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/02/27 04:03:09 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/27 04:03:05 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/14 04:37:42 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\9d0e03eb37c3998fad8c2a202bb8cc95\IAStorUtil.ni.dll
MOD - [2014/02/14 04:37:42 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b1f7b4e15aef3faf382db6ba14c81371\IAStorCommon.ni.dll
MOD - [2014/02/14 04:33:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6013ba20c72207054261c46f625ae552\System.Runtime.Remoting.ni.dll
MOD - [2014/02/14 04:33:31 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c6b80904ea323b50d5e74f059e0c3645\System.Windows.Forms.ni.dll
MOD - [2014/02/14 04:33:26 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\236414f8e3137dd32f350e41fbdfa2c8\System.Drawing.ni.dll
MOD - [2014/02/14 04:33:15 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\dbc40282ea71e3ca17b22db86d9d394a\WindowsBase.ni.dll
MOD - [2014/02/14 04:33:10 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\aef3e3e63c8a2facdb5b12a0de76c3b9\System.Xml.ni.dll
MOD - [2014/02/14 04:33:07 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\4241d1ece5590df3a828c9739dc82bf2\System.ni.dll
MOD - [2014/02/14 04:33:07 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8a9cfd6b821ec7ec605897b699b69f53\System.Configuration.ni.dll
MOD - [2014/02/14 04:32:59 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/11 06:29:21 | 000,399,640 | ---- | M] () -- C:\Users\media\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppgooglenaclpluginchrome.dll
MOD - [2014/01/11 06:29:17 | 004,055,320 | ---- | M] () -- C:\Users\media\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll
MOD - [2014/01/11 06:28:15 | 000,715,544 | ---- | M] () -- C:\Users\media\AppData\Local\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
MOD - [2014/01/11 06:28:14 | 000,100,120 | ---- | M] () -- C:\Users\media\AppData\Local\Google\Chrome\Application\32.0.1700.76\libegl.dll
MOD - [2014/01/11 06:28:11 | 001,634,584 | ---- | M] () -- C:\Users\media\AppData\Local\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
MOD - [2013/12/12 10:00:32 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/09/14 01:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 01:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2011/12/08 16:53:32 | 008,364,288 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
MOD - [2011/09/13 16:57:20 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
MOD - [2009/07/13 21:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/03/01 00:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 18:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 18:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/07/01 13:52:32 | 001,600,000 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe -- (Wave Authentication Manager Service)
SRV:64bit: - [2011/06/09 13:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2011/05/27 17:46:56 | 003,792,240 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV:64bit: - [2011/05/24 15:42:08 | 002,154,888 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV:64bit: - [2010/11/25 21:54:14 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/24 18:07:24 | 000,517,488 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 21:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (70e6ca8c)
SRV - [2014/03/14 10:17:00 | 000,036,392 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2014/03/11 17:19:12 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/12 10:00:42 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/27 10:12:26 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/10/23 04:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/03/28 08:49:11 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2011/12/07 18:31:00 | 000,303,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/07/13 15:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/03/24 21:28:45 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wStLibG64.sys -- (wStLibG64)
DRV:64bit: - [2014/01/22 09:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/22 09:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/09/27 10:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/09/24 08:10:34 | 000,097,768 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2013/09/17 22:22:42 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/08/22 10:35:01 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/12 17:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/10/27 14:31:17 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/27 14:31:17 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/22 10:33:48 | 000,025,056 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2011/03/21 13:54:24 | 000,042,528 | ---- | M] (Fortinet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pppop64.sys -- (pppop)
DRV:64bit: - [2011/02/24 16:35:30 | 000,499,200 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2010/11/25 23:20:22 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/25 21:16:48 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/20 23:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/17 07:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/06 03:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/06/03 11:07:18 | 000,015,160 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jumi.sys -- (jumi)
DRV:64bit: - [2010/02/10 13:37:06 | 000,103,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
DRV:64bit: - [2010/02/09 09:06:54 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2010/02/03 11:21:56 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/04 14:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9C450A45-059F-4EB9-9F24-9A22C30468E2}
IE:64bit: - HKLM\..\SearchScopes\{9C450A45-059F-4EB9-9F24-9A22C30468E2}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {D151BD83-D7CB-48AD-95DC-657C629B9A88}
IE - HKLM\..\SearchScopes\{9C450A45-059F-4EB9-9F24-9A22C30468E2}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{D151BD83-D7CB-48AD-95DC-657C629B9A88}: "URL" = http://search.condui...4632368112&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: "SweetPacks Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7Bd1377c30-1cf3-4e6f-ae8b-e1fab3664710%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: e46480cf-7cf6-495e-af69-573053f52c72%40b33ab36d-5952-49aa-adb2-a41b3dbe51a5.com:0.94.32
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\media\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\media\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\media\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{3ffa62eb-8a4c-476a-9f11-e48305f1db06}: C:\Program Files (x86)\View-Password-soft\157.xpi
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012/05/26 10:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\Mozilla\Extensions
[2014/03/24 19:08:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\nv7iab1m.default\extensions
[2014/02/01 13:05:22 | 000,000,000 | ---D | M] (MyAppStash Appbar) -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\nv7iab1m.default\extensions\{28d65a1b-92be-49c9-a0a7-286aa45a2c63}
[2014/03/24 19:05:01 | 000,000,000 | ---D | M] ("Plus-HD-9.5") -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\nv7iab1m.default\extensions\e46480cf-7cf6-495e-af69-573053f52c72@b33ab36d-5952-49aa-adb2-a41b3dbe51a5.com
[2014/03/24 19:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\nv7iab1m.default\extensions\e46480cf-7cf6-495e-af69-573053f52c72@b33ab36d-5952-49aa-adb2-a41b3dbe51a5.com\extensionData
[2014/03/24 19:05:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\nv7iab1m.default\extensions\e46480cf-7cf6-495e-af69-573053f52c72@b33ab36d-5952-49aa-adb2-a41b3dbe51a5.com\extensionData\plugins
[2014/03/24 19:05:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\nv7iab1m.default\extensions\e46480cf-7cf6-495e-af69-573053f52c72@b33ab36d-5952-49aa-adb2-a41b3dbe51a5.com\extensionData\userCode
[2014/03/24 16:48:14 | 000,008,409 | ---- | M] () (No name found) -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\nv7iab1m.default\extensions\{d1377c30-1cf3-4e6f-ae8b-e1fab3664710}.xpi
[2014/03/24 19:04:23 | 000,001,000 | ---- | M] () -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\nv7iab1m.default\searchplugins\conduit-search.xml
[2014/03/24 19:05:00 | 000,001,368 | ---- | M] () -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\nv7iab1m.default\searchplugins\iminent.xml
[2013/12/12 10:00:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/12 10:00:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/12 10:00:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/06 20:35:29 | 000,003,724 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\media\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\media\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\media\AppData\Local\Google\Chrome\Application\32.0.1700.76\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Live\u00C2™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\media\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: BIODIGITAL HUMAN = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: Ancient History Encyclopedia = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahggffalhoajbhlaogbplamaaghnncle\3_0\
CHR - Extension: Angry Birds = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: SweetPacks = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.26.400.4_0\
CHR - Extension: SweetPacks = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.26.400.4_0\nativeMessaging\nmHost
CHR - Extension: Weather (extension) = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc\0.9.0.7_1\
CHR - Extension: YouTube = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Firebug Lite for Google Chrome\u00E2\u201E\u00A2 = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\
CHR - Extension: Adblock Plus = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Plugins = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\chemohaemmfhjpmlgkmkanfpfbkaihop\0.8.0_0\
CHR - Extension: OneTab = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.6_0\
CHR - Extension: Google Search = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: San Francisco Giants Theme = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmbijfnfibgkhdaacnlocmbhljlfdchb\1.0_0\
CHR - Extension: Hulu = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbfbkegodidiagbiilaipobebcplpde\1_0\
CHR - Extension: Planetarium = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp\1.1.2_0\
CHR - Extension: MLB.com Scoreboard = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\ignfgamliophfaggapcolfgjiekgppld\0.1.1_0\
CHR - Extension: Video Downloader - GotClip = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbblceflgjndjmpkhcdpjhidhkcknjen\1_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\4.0.1_0\
CHR - Extension: Pocket = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk\0.600_0\
CHR - Extension: Crash Bandicoot = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\nepokceeihjekfnomicglbemimfmkibg\2_0\
CHR - Extension: Video Links in a New Media Player Window = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\njgnenfcakbjnampnknmmolokpcfmbfh\2.1.1_0\
CHR - Extension: Google Wallet = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: New Tab Search = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocnmbgnhnkkhemginjfbjlhedjncalkl\1.5_0\
CHR - Extension: Gmail = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: RSS Feed Reader = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\5.2.2_0\
O1 HOSTS File: ([2010/04/30 14:56:09 | 000,001,798 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2:64bit: - BHO: (Plus-HD-9.5) - {11111111-1111-1111-1111-110511311166} - C:\Program Files (x86)\Plus-HD-9.5\Plus-HD-9.5-bho64.dll File not found
O2:64bit: - BHO: (MyAppStash Appbar) - {f97bf93f-5582-442f-80d6-7041f392d748} - C:\Program Files (x86)\myappstashvtb\myappstashvDx64.dll File not found
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (MyAppStash Appbar) - {f97bf93f-5582-442f-80d6-7041f392d748} - C:\Program Files (x86)\myappstashvtb\myappstashvDx64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ATIModeChange] Ati2mdxx.exe File not found
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [PAL] "C:\Program Files (x86)\Tific\Tific Client G1\TiFiC.exe" /SYSTRAY /HIDE /ONLINECHECK /WAIT 5 /DEFLANG "English" /SERVER pc.tific.com /TARGET PCPAL /SILENT_OFFLINE /S /HTTPS /SILENT File not found
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Redirector] C:\Program Files (x86)\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [iLivid] "C:\Users\media\AppData\Local\iLivid\iLivid.exe" -autorun File not found
O4 - HKCU..\Run: [JumiController] File not found
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Software Limited)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - Startup: C:\Users\media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O4 - Startup: C:\Users\media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk = C:\Users\media\AppData\Roaming\Verizon\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {53A8AEF8-5503-4B78-A091-634BB68DEECE} https://operations.p.../SecureAuth.cab (ActiveClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{554DFF60-DDDF-4E07-8B7D-72ACC8B0F85B}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65522FB4-12DD-48EE-93B3-1CD27C733E6A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FFF2328-3F92-405D-8E59-1829FBA430B6}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) - C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~2\optimi~1\optpro~1.dll) - c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (wvauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{06d33da3-44c5-11e3-a51c-d067e5e60964}\Shell - "" = AutoRun
O33 - MountPoints2\{06d33da3-44c5-11e3-a51c-d067e5e60964}\Shell\AutoRun\command - "" = F:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{6110af17-a531-11e2-abfa-d067e5e60964}\Shell - "" = AutoRun
O33 - MountPoints2\{6110af17-a531-11e2-abfa-d067e5e60964}\Shell\AutoRun\command - "" = G:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\VZW_Software_upgrade_assistant.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/03/24 21:28:45 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\wStLibG64.sys
[2014/03/24 20:36:35 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\EncryptStick
[2014/03/24 19:09:56 | 000,000,000 | ---D | C] -- C:\Users\media\Documents\Optimizer Pro
[2014/03/24 19:09:55 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\Optimizer Pro
[2014/03/24 19:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2014/03/24 19:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2014/03/24 19:04:47 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\System Speedup
[2014/03/24 19:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Speedup
[2014/03/24 19:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/03/24 19:04:44 | 000,019,544 | ---- | C] (System Speedup) -- C:\Windows\SysNative\roboot64.exe
[2014/03/24 19:04:44 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\systweak
[2014/03/24 19:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2014/03/24 19:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System Speedup
[2014/03/24 19:04:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/03/24 18:58:18 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2014/03/24 18:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/03/24 18:37:42 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{143D26C2-0AE1-46D7-92C9-258C460F9658}
[2014/03/11 12:57:19 | 000,000,000 | ---D | C] -- C:\Users\media\Desktop\pic4bus
[2014/03/10 15:57:57 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{729C8200-6BC7-411D-9E0E-391B220C7C3D}
[2014/03/09 16:20:03 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{253CFA5E-4B04-436D-A75A-D92E42A7FBD3}
[2014/03/08 20:39:49 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{6F40B01A-B7B8-4229-B810-F354AB69F9E4}
[2014/03/08 06:05:26 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{3C04C088-B663-4134-82BC-81D577A9D509}
[2014/03/07 17:12:01 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{2DF245E3-38B9-41E7-B72D-9BB47C8FF47E}
[2014/03/07 17:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2014/03/07 16:32:57 | 000,000,000 | ---D | C] -- C:\Users\media\Desktop\ISSUU - Folio 02_19_14 by Folio Weekly_files
[2014/03/06 15:14:28 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\Windows Live
[2014/03/06 15:14:13 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{75A069F1-F2F1-4BF7-8561-44169F7716F9}
[2014/03/06 10:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/03/06 10:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/03/06 10:06:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/03/06 10:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/03/06 10:06:57 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/03/06 10:04:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/03/06 10:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/08/22 10:35:01 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\media\AppData\Roaming\pcouffin.sys
[2 C:\Users\media\AppData\Local\*.tmp files -> C:\Users\media\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/03/28 09:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/28 09:02:34 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-414432764-1395917160-1913274053-1000UA.job
[2014/03/28 09:02:34 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-414432764-1395917160-1913274053-1001UA.job
[2014/03/28 09:02:34 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-414432764-1395917160-1913274053-1000Core.job
[2014/03/28 09:01:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/27 22:04:54 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/27 22:04:54 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/27 22:01:52 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/27 22:01:52 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/27 22:01:52 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/27 21:56:37 | 1071,816,702 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/27 21:14:20 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\System Speedup_DEFAULT.job
[2014/03/27 21:14:19 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-414432764-1395917160-1913274053-1001Core.job
[2014/03/26 13:50:49 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\System Speedup_UPDATES.job
[2014/03/24 21:28:45 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\wStLibG64.sys
[2014/03/24 19:05:22 | 000,001,203 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2014/03/24 19:04:53 | 000,001,099 | ---- | M] () -- C:\Users\media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/03/24 19:04:53 | 000,001,089 | ---- | M] () -- C:\Users\media\Desktop\MyPC Backup.lnk
[2014/03/24 19:04:46 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\System Speedup.lnk
[2014/03/24 19:04:45 | 000,001,064 | ---- | M] () -- C:\Users\media\Desktop\Optimizer Pro.lnk
[2014/03/24 19:04:44 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2014/03/24 18:58:24 | 000,001,971 | ---- | M] () -- C:\Users\media\Desktop\Sync Folder.lnk
[2014/03/21 19:08:23 | 000,034,458 | ---- | M] () -- C:\Users\media\Desktop\10001350_10203261334274225_2067480817_n.jpg
[2014/03/20 12:15:57 | 000,066,500 | ---- | M] () -- C:\Users\media\Desktop\10003433_252999678205275_517242137_n.jpg
[2014/03/13 03:23:01 | 004,834,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/07 16:43:18 | 005,022,025 | ---- | M] () -- C:\Users\media\Documents\folio article.jpg
[2014/03/07 16:41:29 | 002,207,230 | ---- | M] () -- C:\Users\media\Documents\IMG_20140307_0003.jpg
[2014/03/07 16:40:45 | 001,704,721 | ---- | M] () -- C:\Users\media\Documents\IMG_20140307_0002.jpg
[2014/03/07 16:39:01 | 001,944,141 | ---- | M] () -- C:\Users\media\Documents\IMG_20140307_0001.jpg
[2014/03/07 16:34:05 | 000,013,701 | ---- | M] () -- C:\Users\media\Desktop\ISSUU - Folio 02_19_14 by Folio Weekly.htm
[2014/03/06 10:07:33 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/03/06 10:04:02 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/02/27 04:01:23 | 000,774,592 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2 C:\Users\media\AppData\Local\*.tmp files -> C:\Users\media\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/03/24 19:05:22 | 000,001,203 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2014/03/24 19:05:13 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2014/03/24 19:05:05 | 000,000,284 | ---- | C] () -- C:\Windows\tasks\System Speedup_DEFAULT.job
[2014/03/24 19:05:03 | 000,000,292 | ---- | C] () -- C:\Windows\tasks\System Speedup_UPDATES.job
[2014/03/24 19:04:46 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\System Speedup.lnk
[2014/03/24 19:04:45 | 000,001,064 | ---- | C] () -- C:\Users\media\Desktop\Optimizer Pro.lnk
[2014/03/24 19:04:44 | 000,001,052 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2014/03/24 18:58:24 | 000,001,971 | ---- | C] () -- C:\Users\media\Desktop\Sync Folder.lnk
[2014/03/24 18:58:18 | 000,001,099 | ---- | C] () -- C:\Users\media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/03/24 18:58:18 | 000,001,089 | ---- | C] () -- C:\Users\media\Desktop\MyPC Backup.lnk
[2014/03/21 19:08:23 | 000,034,458 | ---- | C] () -- C:\Users\media\Desktop\10001350_10203261334274225_2067480817_n.jpg
[2014/03/20 12:15:57 | 000,066,500 | ---- | C] () -- C:\Users\media\Desktop\10003433_252999678205275_517242137_n.jpg
[2014/03/07 16:43:18 | 005,022,025 | ---- | C] () -- C:\Users\media\Documents\folio article.jpg
[2014/03/07 16:41:29 | 002,207,230 | ---- | C] () -- C:\Users\media\Documents\IMG_20140307_0003.jpg
[2014/03/07 16:40:45 | 001,704,721 | ---- | C] () -- C:\Users\media\Documents\IMG_20140307_0002.jpg
[2014/03/07 16:39:01 | 001,944,141 | ---- | C] () -- C:\Users\media\Documents\IMG_20140307_0001.jpg
[2014/03/07 16:32:57 | 000,013,701 | ---- | C] () -- C:\Users\media\Desktop\ISSUU - Folio 02_19_14 by Folio Weekly.htm
[2014/03/06 10:04:02 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/01/25 16:59:09 | 000,000,218 | ---- | C] () -- C:\Users\media\AppData\Local\recently-used.xbel
[2013/10/26 20:47:50 | 000,000,079 | ---- | C] () -- C:\Windows\EP4530.ini
[2013/08/22 10:36:48 | 000,000,668 | ---- | C] () -- C:\Users\media\AppData\Roaming\vso_ts_preview.xml
[2013/08/22 10:35:01 | 000,099,384 | ---- | C] () -- C:\Users\media\AppData\Roaming\inst.exe
[2013/08/22 10:35:01 | 000,007,859 | ---- | C] () -- C:\Users\media\AppData\Roaming\pcouffin.cat
[2013/08/22 10:35:01 | 000,001,167 | ---- | C] () -- C:\Users\media\AppData\Roaming\pcouffin.inf
[2013/06/06 20:29:03 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013/03/07 16:24:10 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/03/07 16:24:10 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/03/07 16:24:10 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/03/07 16:24:10 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/07/03 16:40:28 | 000,000,600 | ---- | C] () -- C:\Users\media\AppData\Local\PUTTY.RND
[2012/05/26 00:07:03 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/03/06 17:55:16 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\BitLord
[2013/09/11 15:55:03 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\canon
[2014/03/24 20:36:35 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\EncryptStick
[2013/10/27 08:51:14 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Epson
[2013/09/18 10:20:09 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\ICAClient
[2013/10/26 21:07:33 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Leadertech
[2014/03/24 19:09:55 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Optimizer Pro
[2013/04/14 22:29:44 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\PACE Anti-Piracy
[2013/06/06 20:36:36 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Python-Eggs
[2013/04/14 23:06:39 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2014/03/28 09:09:04 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\System Speedup
[2014/03/26 15:37:51 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\systweak
[2013/08/20 09:54:52 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Tific
[2013/08/23 16:54:00 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Vso
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 965 bytes -> C:\Users\media\AppData\Local\ilPzD5lpxK:nSqvqy91dAmKHj3JBMs8wO1MD
@Alternate Data Stream - 1101 bytes -> C:\Users\media\AppData\Local\tLdAuceir5yDp:QkPN2yHO3d8LOQwLTK251imlxBYcyN
@Alternate Data Stream - 1055 bytes -> C:\Users\media\AppData\Local\Temp:XjVypBW1IWlFINn0fdQkp7DR
< End of report >
Edited by noluv, 29 March 2014 - 10:54 AM.
#4
Posted 29 March 2014 - 11:14 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Hi a few questions ... Did you intentionally install the following programmes :
View-Password-soft
Tific
If not I will remove them next time round
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
Please download AdwCleaner by Xplode onto your desktop.
View-Password-soft
Tific
If not I will remove them next time round
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]
:OTL
SRV - [2014/03/14 10:17:00 | 000,036,392 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
IE - HKLM\..\SearchScopes,DefaultScope = {D151BD83-D7CB-48AD-95DC-657C629B9A88}
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
IE - HKCU\..\SearchScopes\{D151BD83-D7CB-48AD-95DC-657C629B9A88}: "URL" = http://search.condui...4632368112&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
FF - prefs.js..browser.search.defaultthis.engineName: "SweetPacks Customized Web Search"
FF - prefs.js..extensions.enabledAddons: %7Bd1377c30-1cf3-4e6f-ae8b-e1fab3664710%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: e46480cf-7cf6-495e-af69-573053f52c72%40b33ab36d-5952-49aa-adb2-a41b3dbe51a5.com:0.94.32
[2014/02/01 13:05:22 | 000,000,000 | ---D | M] (MyAppStash Appbar) -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\nv7iab1m.default\extensions\{28d65a1b-92be-49c9-a0a7-286aa45a2c63}
[2014/03/24 19:05:01 | 000,000,000 | ---D | M] ("Plus-HD-9.5") -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\nv7iab1m.default\extensions\e46480cf-7cf6-495e-af69-573053f52c72@b33ab36d-5952-49aa-adb2-a41b3dbe51a5.com
[2014/03/24 19:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\nv7iab1m.default\extensions\e46480cf-7cf6-495e-af69-573053f52c72@b33ab36d-5952-49aa-adb2-a41b3dbe51a5.com\extensionData
[2014/03/24 19:05:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\nv7iab1m.default\extensions\e46480cf-7cf6-495e-af69-573053f52c72@b33ab36d-5952-49aa-adb2-a41b3dbe51a5.com\extensionData\plugins
[2014/03/24 19:05:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\nv7iab1m.default\extensions\e46480cf-7cf6-495e-af69-573053f52c72@b33ab36d-5952-49aa-adb2-a41b3dbe51a5.com\extensionData\userCode
[2014/03/24 19:04:23 | 000,001,000 | ---- | M] () -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\nv7iab1m.default\searchplugins\conduit-search.xml
[2014/03/24 19:05:00 | 000,001,368 | ---- | M] () -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\nv7iab1m.default\searchplugins\iminent.xml
[2013/06/06 20:35:29 | 000,003,724 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
O2:64bit: - BHO: (Plus-HD-9.5) - {11111111-1111-1111-1111-110511311166} - C:\Program Files (x86)\Plus-HD-9.5\Plus-HD-9.5-bho64.dll File not found
O2:64bit: - BHO: (MyAppStash Appbar) - {f97bf93f-5582-442f-80d6-7041f392d748} - C:\Program Files (x86)\myappstashvtb\myappstashvDx64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (MyAppStash Appbar) - {f97bf93f-5582-442f-80d6-7041f392d748} - C:\Program Files (x86)\myappstashvtb\myappstashvDx64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [iLivid] "C:\Users\media\AppData\Local\iLivid\iLivid.exe" -autorun File not found
O4 - HKCU..\Run: [JumiController] File not found
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Software Limited)
O4 - Startup: C:\Users\media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL) - C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~2\optimi~1\optpro~1.dll) - c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll ()
[2014/03/24 19:09:56 | 000,000,000 | ---D | C] -- C:\Users\media\Documents\Optimizer Pro
[2014/03/24 19:09:55 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\Optimizer Pro
[2014/03/24 19:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2014/03/24 19:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2014/03/24 19:04:47 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\System Speedup
[2014/03/24 19:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Speedup
[2014/03/24 19:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/03/24 19:04:44 | 000,019,544 | ---- | C] (System Speedup) -- C:\Windows\SysNative\roboot64.exe
[2014/03/24 19:04:44 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\systweak
[2014/03/24 19:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2014/03/24 19:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System Speedup
[2014/03/24 19:04:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/03/24 18:58:18 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2014/03/24 18:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/03/24 18:37:42 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{143D26C2-0AE1-46D7-92C9-258C460F9658}
[2014/03/27 21:14:20 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\System Speedup_DEFAULT.job
[2014/03/26 13:50:49 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\System Speedup_UPDATES.job
[2014/03/24 19:05:22 | 000,001,203 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2014/03/24 19:04:53 | 000,001,099 | ---- | M] () -- C:\Users\media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/03/24 19:04:53 | 000,001,089 | ---- | M] () -- C:\Users\media\Desktop\MyPC Backup.lnk
[2014/03/24 19:04:46 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\System Speedup.lnk
[2014/03/24 19:04:45 | 000,001,064 | ---- | M] () -- C:\Users\media\Desktop\Optimizer Pro.lnk
[2014/03/24 19:04:44 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2014/03/24 18:58:24 | 000,001,971 | ---- | M] () -- C:\Users\media\Desktop\Sync Folder.lnk
[2014/03/24 19:05:22 | 000,001,203 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2014/03/24 19:05:13 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2014/03/24 19:05:05 | 000,000,284 | ---- | C] () -- C:\Windows\tasks\System Speedup_DEFAULT.job
[2014/03/24 19:05:03 | 000,000,292 | ---- | C] () -- C:\Windows\tasks\System Speedup_UPDATES.job
[2014/03/24 19:04:46 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\System Speedup.lnk
[2014/03/24 19:04:45 | 000,001,064 | ---- | C] () -- C:\Users\media\Desktop\Optimizer Pro.lnk
[2014/03/24 19:04:44 | 000,001,052 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2014/03/24 18:58:24 | 000,001,971 | ---- | C] () -- C:\Users\media\Desktop\Sync Folder.lnk
[2014/03/24 18:58:18 | 000,001,099 | ---- | C] () -- C:\Users\media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/03/24 18:58:18 | 000,001,089 | ---- | C] () -- C:\Users\media\Desktop\MyPC Backup.lnk
[2014/03/24 19:09:55 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Optimizer Pro
[2014/03/28 09:09:04 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\System Speedup
[2014/03/26 15:37:51 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\systweak
@Alternate Data Stream - 965 bytes -> C:\Users\media\AppData\Local\ilPzD5lpxK:nSqvqy91dAmKHj3JBMs8wO1MD
@Alternate Data Stream - 1101 bytes -> C:\Users\media\AppData\Local\tLdAuceir5yDp:QkPN2yHO3d8LOQwLTK251imlxBYcyN
@Alternate Data Stream - 1055 bytes -> C:\Users\media\AppData\Local\Temp:XjVypBW1IWlFINn0fdQkp7DR
:Files
c:\Program Files (x86)\Optimizer Pro
C:\Program Files (x86)\myappstashvtb
C:\Users\media\AppData\Local\iLivid
C:\Program Files (x86)\Plus-HD-9.5
C:\Program Files (x86)\MyPC Backup
C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
:Commands
[resethosts]
[emptytemp]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on "Clean"
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
#5
Posted 30 March 2014 - 08:13 AM
noluv
- Topic Starter
-
- Member
-
- 123 posts
Member
OTL logfile created on: 3/30/2014 4:10:08 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\media\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
12.00 Gb Total Physical Memory | 9.66 Gb Available Physical Memory | 80.51% Memory free
23.99 Gb Paging File | 21.21 Gb Available in Paging File | 88.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.11 Gb Total Space | 48.20 Gb Free Space | 20.76% Space Free | Partition Type: NTFS
Drive E: | 931.32 Gb Total Space | 528.31 Gb Free Space | 56.73% Space Free | Partition Type: NTFS
Computer Name: MEDIA-SERVER | User Name: media | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/03/28 09:14:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\media\Downloads\OTL(1).exe
PRC - [2014/03/11 17:19:12 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
PRC - [2014/01/22 13:47:36 | 001,102,656 | ---- | M] (SAMSUNG Electornics Co., Ltd.) -- C:\Users\media\AppData\Roaming\Verizon\UA_ar\UA.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/12 10:00:42 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/11/20 16:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/10/27 10:12:26 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/10/23 04:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/10/01 20:09:06 | 000,928,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2013/10/01 20:08:24 | 000,153,992 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
PRC - [2013/10/01 20:08:04 | 000,395,656 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2013/10/01 16:29:04 | 001,505,608 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
PRC - [2013/08/09 14:53:42 | 000,054,152 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2013/03/27 10:31:55 | 005,571,184 | ---- | M] (Tific) -- C:\Program Files (x86)\Tific\Tific Client G1\TiFiC.exe
PRC - [2012/04/03 13:33:00 | 000,940,168 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
PRC - [2012/04/03 13:27:16 | 001,087,608 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
PRC - [2012/04/03 13:26:14 | 001,273,448 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
PRC - [2012/03/28 08:49:11 | 000,140,456 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2012/03/26 17:35:16 | 000,449,168 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2011/12/08 16:53:32 | 008,364,288 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
PRC - [2011/12/07 18:31:00 | 000,303,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2011/03/09 00:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2011/03/09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/07/06 15:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
========== Modules (No Company Name) ==========
MOD - [2014/03/11 17:19:10 | 016,276,872 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
MOD - [2014/02/27 04:06:16 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/02/27 04:06:15 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/02/27 04:03:28 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/27 04:03:24 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/27 04:03:23 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\966f64a25064fe74936295dc06ec586e\System.Runtime.Remoting.ni.dll
MOD - [2014/02/27 04:03:22 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/27 04:03:18 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/27 04:03:17 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/27 04:03:14 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/27 04:03:13 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/27 04:03:12 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/27 04:03:11 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/27 04:03:11 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/02/27 04:03:09 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/27 04:03:05 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/14 04:37:42 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\9d0e03eb37c3998fad8c2a202bb8cc95\IAStorUtil.ni.dll
MOD - [2014/02/14 04:37:42 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b1f7b4e15aef3faf382db6ba14c81371\IAStorCommon.ni.dll
MOD - [2014/02/14 04:33:55 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\298085ede23a44d650de5700ac88af62\System.Web.ni.dll
MOD - [2014/02/14 04:33:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6013ba20c72207054261c46f625ae552\System.Runtime.Remoting.ni.dll
MOD - [2014/02/14 04:33:31 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c6b80904ea323b50d5e74f059e0c3645\System.Windows.Forms.ni.dll
MOD - [2014/02/14 04:33:26 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\236414f8e3137dd32f350e41fbdfa2c8\System.Drawing.ni.dll
MOD - [2014/02/14 04:33:15 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\dbc40282ea71e3ca17b22db86d9d394a\WindowsBase.ni.dll
MOD - [2014/02/14 04:33:10 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\aef3e3e63c8a2facdb5b12a0de76c3b9\System.Xml.ni.dll
MOD - [2014/02/14 04:33:07 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\4241d1ece5590df3a828c9739dc82bf2\System.ni.dll
MOD - [2014/02/14 04:33:07 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8a9cfd6b821ec7ec605897b699b69f53\System.Configuration.ni.dll
MOD - [2014/02/14 04:32:59 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/11 06:29:21 | 000,399,640 | ---- | M] () -- C:\Users\media\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppgooglenaclpluginchrome.dll
MOD - [2014/01/11 06:29:17 | 004,055,320 | ---- | M] () -- C:\Users\media\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll
MOD - [2014/01/11 06:28:15 | 000,715,544 | ---- | M] () -- C:\Users\media\AppData\Local\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
MOD - [2014/01/11 06:28:14 | 000,100,120 | ---- | M] () -- C:\Users\media\AppData\Local\Google\Chrome\Application\32.0.1700.76\libegl.dll
MOD - [2014/01/11 06:28:11 | 001,634,584 | ---- | M] () -- C:\Users\media\AppData\Local\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
MOD - [2013/12/12 10:00:32 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/09/14 01:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 01:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2011/12/08 16:53:32 | 008,364,288 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
MOD - [2011/09/13 16:57:20 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
MOD - [2009/07/13 21:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/03/01 00:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 18:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 18:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/07/01 13:52:32 | 001,600,000 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe -- (Wave Authentication Manager Service)
SRV:64bit: - [2011/06/09 13:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2011/05/27 17:46:56 | 003,792,240 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV:64bit: - [2011/05/24 15:42:08 | 002,154,888 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV:64bit: - [2010/11/25 21:54:14 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/24 18:07:24 | 000,517,488 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 21:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\rundll32.exe -- (70e6ca8c)
SRV - [2014/03/11 17:19:12 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/12 10:00:42 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/27 10:12:26 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/10/23 04:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/03/28 08:49:11 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2011/12/07 18:31:00 | 000,303,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/07/13 15:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/03/24 21:28:45 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wStLibG64.sys -- (wStLibG64)
DRV:64bit: - [2014/01/22 09:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/22 09:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/09/27 10:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/09/24 08:10:34 | 000,097,768 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2013/09/17 22:22:42 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/08/22 10:35:01 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/12 17:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/10/27 14:31:17 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/27 14:31:17 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/22 10:33:48 | 000,025,056 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2011/03/21 13:54:24 | 000,042,528 | ---- | M] (Fortinet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pppop64.sys -- (pppop)
DRV:64bit: - [2011/02/24 16:35:30 | 000,499,200 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2010/11/25 23:20:22 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/11/25 21:16:48 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/20 23:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/17 07:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/06 03:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/06/03 11:07:18 | 000,015,160 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jumi.sys -- (jumi)
DRV:64bit: - [2010/02/10 13:37:06 | 000,103,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
DRV:64bit: - [2010/02/09 09:06:54 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2010/02/03 11:21:56 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/04 14:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9C450A45-059F-4EB9-9F24-9A22C30468E2}
IE:64bit: - HKLM\..\SearchScopes\{9C450A45-059F-4EB9-9F24-9A22C30468E2}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{9C450A45-059F-4EB9-9F24-9A22C30468E2}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7Bd1377c30-1cf3-4e6f-ae8b-e1fab3664710%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\media\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\media\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\media\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{3ffa62eb-8a4c-476a-9f11-e48305f1db06}: C:\Program Files (x86)\View-Password-soft\157.xpi
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012/05/26 10:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\Mozilla\Extensions
[2014/03/30 03:54:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\nv7iab1m.default\extensions
[2014/03/24 16:48:14 | 000,008,409 | ---- | M] () (No name found) -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\nv7iab1m.default\extensions\{d1377c30-1cf3-4e6f-ae8b-e1fab3664710}.xpi
[2013/12/12 10:00:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/12 10:00:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/12 10:00:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\media\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\media\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\media\AppData\Local\Google\Chrome\Application\32.0.1700.76\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Live\u00C2™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\media\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: BIODIGITAL HUMAN = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: Ancient History Encyclopedia = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahggffalhoajbhlaogbplamaaghnncle\3_0\
CHR - Extension: Angry Birds = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Weather (extension) = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc\0.9.0.7_1\
CHR - Extension: YouTube = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Firebug Lite for Google Chrome\u00E2\u201E\u00A2 = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\
CHR - Extension: Adblock Plus = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Plugins = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\chemohaemmfhjpmlgkmkanfpfbkaihop\0.8.0_0\
CHR - Extension: OneTab = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.6_0\
CHR - Extension: Google Search = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: San Francisco Giants Theme = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmbijfnfibgkhdaacnlocmbhljlfdchb\1.0_0\
CHR - Extension: Planetarium = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp\1.1.2_0\
CHR - Extension: MLB.com Scoreboard = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\ignfgamliophfaggapcolfgjiekgppld\0.1.1_0\
CHR - Extension: Video Downloader - GotClip = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbblceflgjndjmpkhcdpjhidhkcknjen\1_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\4.0.1_0\
CHR - Extension: Pocket = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk\0.600_0\
CHR - Extension: Crash Bandicoot = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\nepokceeihjekfnomicglbemimfmkibg\2_0\
CHR - Extension: Video Links in a New Media Player Window = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\njgnenfcakbjnampnknmmolokpcfmbfh\2.1.1_0\
CHR - Extension: Google Wallet = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: RSS Feed Reader = C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\5.2.2_0\
O1 HOSTS File: ([2014/03/30 03:55:08 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ATIModeChange] Ati2mdxx.exe File not found
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [PAL] "C:\Program Files (x86)\Tific\Tific Client G1\TiFiC.exe" /SYSTRAY /HIDE /ONLINECHECK /WAIT 5 /DEFLANG "English" /SERVER pc.tific.com /TARGET PCPAL /SILENT_OFFLINE /S /HTTPS /SILENT File not found
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Redirector] C:\Program Files (x86)\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - Startup: C:\Users\media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk = C:\Users\media\AppData\Roaming\Verizon\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {53A8AEF8-5503-4B78-A091-634BB68DEECE} https://operations.p.../SecureAuth.cab (ActiveClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{554DFF60-DDDF-4E07-8B7D-72ACC8B0F85B}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65522FB4-12DD-48EE-93B3-1CD27C733E6A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FFF2328-3F92-405D-8E59-1829FBA430B6}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (wvauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{06d33da3-44c5-11e3-a51c-d067e5e60964}\Shell - "" = AutoRun
O33 - MountPoints2\{06d33da3-44c5-11e3-a51c-d067e5e60964}\Shell\AutoRun\command - "" = F:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{6110af17-a531-11e2-abfa-d067e5e60964}\Shell - "" = AutoRun
O33 - MountPoints2\{6110af17-a531-11e2-abfa-d067e5e60964}\Shell\AutoRun\command - "" = G:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\VZW_Software_upgrade_assistant.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/03/30 04:11:05 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/30 03:54:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/24 21:28:45 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\wStLibG64.sys
[2014/03/24 20:36:35 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\EncryptStick
[2014/03/24 19:04:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/03/11 12:57:19 | 000,000,000 | ---D | C] -- C:\Users\media\Desktop\pic4bus
[2014/03/10 15:57:57 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{729C8200-6BC7-411D-9E0E-391B220C7C3D}
[2014/03/09 16:20:03 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{253CFA5E-4B04-436D-A75A-D92E42A7FBD3}
[2014/03/08 20:39:49 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{6F40B01A-B7B8-4229-B810-F354AB69F9E4}
[2014/03/08 06:05:26 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{3C04C088-B663-4134-82BC-81D577A9D509}
[2014/03/07 17:12:01 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{2DF245E3-38B9-41E7-B72D-9BB47C8FF47E}
[2014/03/07 17:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2014/03/07 16:32:57 | 000,000,000 | ---D | C] -- C:\Users\media\Desktop\ISSUU - Folio 02_19_14 by Folio Weekly_files
[2014/03/06 15:14:28 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\Windows Live
[2014/03/06 15:14:13 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\{75A069F1-F2F1-4BF7-8561-44169F7716F9}
[2014/03/06 10:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/03/06 10:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/03/06 10:06:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/03/06 10:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/03/06 10:06:57 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/03/06 10:04:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/03/06 10:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/08/22 10:35:01 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\media\AppData\Roaming\pcouffin.sys
[2 C:\Users\media\AppData\Local\*.tmp files -> C:\Users\media\AppData\Local\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/03/30 04:19:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/30 04:14:17 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/30 04:14:17 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/30 04:12:10 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/30 04:12:10 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/30 04:12:10 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/30 04:05:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/30 04:05:21 | 1071,816,702 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/30 03:56:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-414432764-1395917160-1913274053-1001UA.job
[2014/03/30 03:55:08 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/03/30 03:51:49 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-414432764-1395917160-1913274053-1000UA.job
[2014/03/30 03:51:48 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-414432764-1395917160-1913274053-1000Core.job
[2014/03/29 12:56:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-414432764-1395917160-1913274053-1001Core.job
[2014/03/24 21:28:45 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\wStLibG64.sys
[2014/03/21 19:08:23 | 000,034,458 | ---- | M] () -- C:\Users\media\Desktop\10001350_10203261334274225_2067480817_n.jpg
[2014/03/20 12:15:57 | 000,066,500 | ---- | M] () -- C:\Users\media\Desktop\10003433_252999678205275_517242137_n.jpg
[2014/03/13 03:23:01 | 004,834,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/07 16:43:18 | 005,022,025 | ---- | M] () -- C:\Users\media\Documents\folio article.jpg
[2014/03/07 16:41:29 | 002,207,230 | ---- | M] () -- C:\Users\media\Documents\IMG_20140307_0003.jpg
[2014/03/07 16:40:45 | 001,704,721 | ---- | M] () -- C:\Users\media\Documents\IMG_20140307_0002.jpg
[2014/03/07 16:39:01 | 001,944,141 | ---- | M] () -- C:\Users\media\Documents\IMG_20140307_0001.jpg
[2014/03/07 16:34:05 | 000,013,701 | ---- | M] () -- C:\Users\media\Desktop\ISSUU - Folio 02_19_14 by Folio Weekly.htm
[2014/03/06 10:07:33 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/03/06 10:04:02 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2 C:\Users\media\AppData\Local\*.tmp files -> C:\Users\media\AppData\Local\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/03/21 19:08:23 | 000,034,458 | ---- | C] () -- C:\Users\media\Desktop\10001350_10203261334274225_2067480817_n.jpg
[2014/03/20 12:15:57 | 000,066,500 | ---- | C] () -- C:\Users\media\Desktop\10003433_252999678205275_517242137_n.jpg
[2014/03/07 16:43:18 | 005,022,025 | ---- | C] () -- C:\Users\media\Documents\folio article.jpg
[2014/03/07 16:41:29 | 002,207,230 | ---- | C] () -- C:\Users\media\Documents\IMG_20140307_0003.jpg
[2014/03/07 16:40:45 | 001,704,721 | ---- | C] () -- C:\Users\media\Documents\IMG_20140307_0002.jpg
[2014/03/07 16:39:01 | 001,944,141 | ---- | C] () -- C:\Users\media\Documents\IMG_20140307_0001.jpg
[2014/03/07 16:32:57 | 000,013,701 | ---- | C] () -- C:\Users\media\Desktop\ISSUU - Folio 02_19_14 by Folio Weekly.htm
[2014/03/06 10:04:02 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/01/25 16:59:09 | 000,000,218 | ---- | C] () -- C:\Users\media\AppData\Local\recently-used.xbel
[2013/10/26 20:47:50 | 000,000,079 | ---- | C] () -- C:\Windows\EP4530.ini
[2013/08/22 10:36:48 | 000,000,668 | ---- | C] () -- C:\Users\media\AppData\Roaming\vso_ts_preview.xml
[2013/08/22 10:35:01 | 000,099,384 | ---- | C] () -- C:\Users\media\AppData\Roaming\inst.exe
[2013/08/22 10:35:01 | 000,007,859 | ---- | C] () -- C:\Users\media\AppData\Roaming\pcouffin.cat
[2013/08/22 10:35:01 | 000,001,167 | ---- | C] () -- C:\Users\media\AppData\Roaming\pcouffin.inf
[2013/06/06 20:29:03 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013/03/07 16:24:10 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/03/07 16:24:10 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/03/07 16:24:10 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/03/07 16:24:10 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/07/03 16:40:28 | 000,000,600 | ---- | C] () -- C:\Users\media\AppData\Local\PUTTY.RND
[2012/05/26 00:07:03 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/03/06 17:55:16 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\BitLord
[2013/09/11 15:55:03 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\canon
[2014/03/24 20:36:35 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\EncryptStick
[2013/10/27 08:51:14 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Epson
[2013/09/18 10:20:09 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\ICAClient
[2013/10/26 21:07:33 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Leadertech
[2013/04/14 22:29:44 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\PACE Anti-Piracy
[2013/06/06 20:36:36 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Python-Eggs
[2013/04/14 23:06:39 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/08/20 09:54:52 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Tific
[2013/08/23 16:54:00 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Vso
========== Purity Check ==========
< End of report >
#6
Posted 30 March 2014 - 08:22 AM
noluv
- Topic Starter
-
- Member
-
- 123 posts
Member
thanks for all your help thus far here is the other log an no i didnt want or install those two things you mentioned
the desktop no longer has those icons on it ...only spam i have no is a popup on the bottom on the browser
when i get on moxilla
# AdwCleaner v3.022 - Report created 30/03/2014 at 10:15:23
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : media - MEDIA-SERVER
# Running from : C:\Users\media\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : 70e6ca8c
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Search Protection
Folder Deleted : C:\Program Files (x86)\BitLord 2
Folder Deleted : C:\Program Files (x86)\BrowseFox
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Users\media\AppData\Local\Conduit
Folder Deleted : C:\Users\media\AppData\Local\SearchProtect
Folder Deleted : C:\Users\media\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\media\AppData\LocalLow\Delta
Folder Deleted : C:\Users\media\AppData\Roaming\BitLord
Folder Deleted : C:\Users\media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord
Folder Deleted : C:\Users\media\Documents\BitLord
File Deleted : C:\END
File Deleted : C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\nv7iab1m.default\invalidprefs.js
File Deleted : C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\nv7iab1m.default\user.js
File Deleted : C:\Users\solomon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\Advanced System Protector_startup
File Deleted : C:\Windows\System32\Tasks\EPUpdater
File Deleted : C:\Windows\System32\Tasks\RegClean Pro
File Deleted : C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
File Deleted : C:\Windows\System32\Tasks\RegClean Pro_UPDATES
File Deleted : C:\Windows\System32\Tasks\System Speedup_DEFAULT
File Deleted : C:\Windows\System32\Tasks\System Speedup_UPDATES
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3310511
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312266}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316666}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312266}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316666}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\System Speedup
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\installedbrowserextensions
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\System Speedup
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Speedup_is1
Key Deleted : [x64] HKLM\SOFTWARE\Iminent
Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Mozilla Firefox v26.0 (en-US)
[ File : C:\Users\solomon\AppData\Roaming\Mozilla\Firefox\Profiles\680oedhz.default\prefs.js ]
Line Deleted : user_pref("browser.search.selectedEngine", "Search The Web");
[ File : C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\nv7iab1m.default\prefs.js ]
Line Deleted : user_pref("CT3309350.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3310511_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1379208389749,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3310511");
Line Deleted : user_pref("extensions.LinkSwift.is", "trmtlsus");
Line Deleted : user_pref("extensions.LinkSwift.ug", "EBD9AF4D-AD78-46C4-B495-98565BF207A1");
Line Deleted : user_pref("extensions.crossrider.bic", "144f65733d793aef34d0b6381dac804b");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "9042e086000000000000100d7f28fe19");
Line Deleted : user_pref("extensions.delta.instlDay", "15916");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.22.0");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.22.02:26:17");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.22.0");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119351&tt=290713_190&tsp=4959");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extensions.iminent.admin", false);
Line Deleted : user_pref("extensions.iminent.aflt", "orgnl");
Line Deleted : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Line Deleted : user_pref("extensions.iminent.autoRvrt", "false");
Line Deleted : user_pref("extensions.iminent.dfltLng", "");
Line Deleted : user_pref("extensions.iminent.excTlbr", false);
Line Deleted : user_pref("extensions.iminent.ffxUnstlRst", false);
Line Deleted : user_pref("extensions.iminent.id", "9042e086000000000000d067e5e60964");
Line Deleted : user_pref("extensions.iminent.instlDay", "16153");
Line Deleted : user_pref("extensions.iminent.instlRef", "");
Line Deleted : user_pref("extensions.iminent.newTab", false);
Line Deleted : user_pref("extensions.iminent.prdct", "iminent");
Line Deleted : user_pref("extensions.iminent.prtnrId", "iminent");
Line Deleted : user_pref("extensions.iminent.rvrt", "false");
Line Deleted : user_pref("extensions.iminent.smplGrp", "none");
Line Deleted : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
Line Deleted : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Line Deleted : user_pref("extensions.iminent.vrsn", "1.8.28.3");
Line Deleted : user_pref("extensions.iminent.vrsnTs", "1.8.28.319:04:59");
Line Deleted : user_pref("extensions.iminent.vrsni", "1.8.28.3");
-\\ Google Chrome v
[ File : C:\Users\solomon\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [10423 octets] - [30/03/2014 10:14:47]
AdwCleaner[S0].txt - [10005 octets] - [30/03/2014 10:15:23]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10066 octets] ##########
#7
Posted 30 March 2014 - 08:59 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
OK lets kill those and sweep for any I could not see
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits
Go back to the Dashboard and select Scan Now
If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.
On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]
:OTL
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{3ffa62eb-8a4c-476a-9f11-e48305f1db06}: C:\Program Files (x86)\View-Password-soft\157.xpi
O4 - HKLM..\Run: [PAL] "C:\Program Files (x86)\Tific\Tific Client G1\TiFiC.exe" /SYSTRAY /HIDE /ONLINECHECK /WAIT 5 /DEFLANG "English" /SERVER pc.tific.com /TARGET PCPAL /SILENT_OFFLINE /S /HTTPS /SILENT File not found
[2013/08/20 09:54:52 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Tific
[2014/03/24 19:04:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
:Files
C:\Program Files (x86)\Tific
C:\Program Files (x86)\View-Password-soft
:Commands
[resethosts]
[emptytemp]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits
Go back to the Dashboard and select Scan Now
If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.
On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log
#8
Posted 30 March 2014 - 05:31 PM
noluv
- Topic Starter
-
- Member
-
- 123 posts
Member
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{3ffa62eb-8a4c-476a-9f11-e48305f1db06} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ffa62eb-8a4c-476a-9f11-e48305f1db06}\ not found.
File C:\Program Files (x86)\View-Password-soft\157.xpi not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PAL deleted successfully.
C:\Users\media\AppData\Roaming\Tific folder moved successfully.
Folder C:\Program Files (x86)\Optimizer Pro\ not found.
========== FILES ==========
C:\Program Files (x86)\Tific\Tific Client G1\Language folder moved successfully.
C:\Program Files (x86)\Tific\Tific Client G1\Cache\pc.tific.com\English folder moved successfully.
C:\Program Files (x86)\Tific\Tific Client G1\Cache\pc.tific.com folder moved successfully.
C:\Program Files (x86)\Tific\Tific Client G1\Cache folder moved successfully.
C:\Program Files (x86)\Tific\Tific Client G1\Backup folder moved successfully.
C:\Program Files (x86)\Tific\Tific Client G1 folder moved successfully.
C:\Program Files (x86)\Tific folder moved successfully.
File\Folder C:\Program Files (x86)\View-Password-soft not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: media
->Temp folder emptied: 1037134 bytes
->Temporary Internet Files folder emptied: 133 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 150630620 bytes
->Google Chrome cache emptied: 6166846 bytes
->Flash cache emptied: 2633 bytes
User: Public
User: solomon
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3596 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 151.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03302014_145800
Files\Folders moved on Reboot...
C:\Users\media\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
#9
Posted 30 March 2014 - 06:33 PM
noluv
- Topic Starter
-
- Member
-
- 123 posts
Member
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 3/30/2014
Scan Time: 8:34:00 PM
Logfile:
Administrator: Yes
Version: 2.00.0.1000
Malware Database: v2014.03.30.07
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: media
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 309780
Time Elapsed: 52 min, 0 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 3
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [0f60e029f68590a6e963e425e41e7090],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [a1ce22e70f6c58de25f533d66e943fc1],
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-9.5, Quarantined, [f07fe52452294cea20f01f3b1be73dc3],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 2
PUP.Optional.CrossRider.A, C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_olnkgiapbjhdboldbhkagdodklkphaip_0, Quarantined, [f7781dec354682b4adf13e19d52dc13f],
PUP.Optional.CrossRider.A, C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnkgiapbjhdboldbhkagdodklkphaip, Quarantined, [ff7048c1ea91181effab72e561a159a7],
Files: 9
PUP.Optional.CrossRider.A, C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_olnkgiapbjhdboldbhkagdodklkphaip_0.localstorage, Quarantined, [640bb6536a11ed4998ae0f4a8a78e719],
PUP.Optional.CrossRider.A, C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_olnkgiapbjhdboldbhkagdodklkphaip_0.localstorage-journal, Quarantined, [db94c44547344bebba8c80d9976bc040],
PUP.Optional.BetterBrowse.A, C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\nv7iab1m.default\extensions\{d1377c30-1cf3-4e6f-ae8b-e1fab3664710}.xpi, Quarantined, [254a40c9403b290df607fd5e2ad80000],
PUP.Optional.CrossRider.A, C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_olnkgiapbjhdboldbhkagdodklkphaip_0\3, Quarantined, [f7781dec354682b4adf13e19d52dc13f],
PUP.Optional.CrossRider.A, C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnkgiapbjhdboldbhkagdodklkphaip\000003.log, Quarantined, [ff7048c1ea91181effab72e561a159a7],
PUP.Optional.CrossRider.A, C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnkgiapbjhdboldbhkagdodklkphaip\CURRENT, Quarantined, [ff7048c1ea91181effab72e561a159a7],
PUP.Optional.CrossRider.A, C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnkgiapbjhdboldbhkagdodklkphaip\LOCK, Quarantined, [ff7048c1ea91181effab72e561a159a7],
PUP.Optional.CrossRider.A, C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnkgiapbjhdboldbhkagdodklkphaip\LOG, Quarantined, [ff7048c1ea91181effab72e561a159a7],
PUP.Optional.CrossRider.A, C:\Users\media\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olnkgiapbjhdboldbhkagdodklkphaip\MANIFEST-000002, Quarantined, [ff7048c1ea91181effab72e561a159a7],
Physical Sectors: 0
(No malicious items detected)
(end)
#10
Posted 30 March 2014 - 07:01 PM
noluv
- Topic Starter
-
- Member
-
- 123 posts
Member
forgot to check rootkit first time redid it came back nothing found
#11
Posted 31 March 2014 - 06:54 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
How is the computer behaving now ? Any problems
#12
Posted 31 March 2014 - 05:21 PM
noluv
- Topic Starter
-
- Member
-
- 123 posts
Member
its perfect now thanks sooo much!!!
#13
Posted 01 April 2014 - 07:20 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
In that case methinks I will send you on your merry way 
Subject to no further problems
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Download and run Delfix
: Keep Java Updated :
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent install this programme to lock down and prevent crypto ransome ware
Malwarebytes.
Update and run weekly to keep your system clean
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe
Subject to no further problems
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Download and run Delfix
: Keep Java Updated :
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent install this programme to lock down and prevent crypto ransome ware
Malwarebytes.
Update and run weekly to keep your system clean
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe
#14
Posted 02 April 2014 - 10:57 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
