Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

please please help - you guys are the best & our computer is a me

malware virus ValueApps Shopper-pro

  • This topic is locked This topic is locked

#1
ztastorm

ztastorm

    Member

  • Member
  • PipPip
  • 86 posts

Hi there-

Our computer is very sloooooooow moving and there are constant pop ups. Hyperlinks appear on various pages to lead to other popups and generally hijack from the pages were on..please help us! I've tried to mess with Chrome thinking it was Extensions or something (those also get changed into programs we don't intentionally download)..I try to go under Control Panel and delete programs but it won't work..especially with Shopper-Pro and ValueApps..It says that I don't have access to delete them or something..so annoying! Please help...You guys are so great  thankyou!!

 

 

OTL logfile created on: 7/17/2014 3:54:59 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stephen\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.97 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 50.84% Memory free
7.93 Gb Paging File | 5.55 Gb Available in Paging File | 69.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 467.10 Gb Free Space | 80.20% Space Free | Partition Type: NTFS
Drive D: | 7.65 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: STEPHEN-PC | User Name: Stephen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/17 15:54:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stephen\Downloads\OTL (1).exe
PRC - [2014/07/15 17:40:22 | 001,592,208 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Mikogo4\Viewer\Service\M4-Capture.exe
PRC - [2014/06/26 09:22:12 | 000,736,616 | ---- | M] (Goobzo) -- C:\Program Files (x86)\ShopperPro\Updater.exe
PRC - [2014/06/26 09:19:14 | 003,211,776 | ---- | M] () -- C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.exe
PRC - [2014/06/21 15:32:52 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2014/04/17 06:31:30 | 000,391,040 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
PRC - [2014/03/13 06:57:44 | 000,033,864 | ---- | M] () -- C:\Program Files\pcreg\pcreg.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/03 22:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/11/11 21:03:41 | 001,008,032 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe
PRC - [2012/11/05 21:55:38 | 000,107,520 | ---- | M] () -- C:\Users\Stephen\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2012/10/15 13:32:06 | 000,568,464 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\My Image Garden\cnmigmain.exe
PRC - [2012/09/27 16:08:08 | 000,989,352 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
PRC - [2012/09/27 16:04:44 | 001,087,648 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
PRC - [2012/09/27 16:02:40 | 001,279,120 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
PRC - [2012/08/31 10:32:14 | 000,452,272 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2012/03/28 08:49:11 | 000,140,456 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2009/12/06 12:24:32 | 000,954,880 | ---- | M] (Ares Development Group) -- C:\Program Files (x86)\Ares\Ares.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/26 09:19:14 | 003,211,776 | ---- | M] () -- C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.exe
MOD - [2014/06/26 09:11:40 | 001,257,472 | ---- | M] () -- C:\Program Files\Common Files\ShopperPro\spbici32.dll
MOD - [2014/05/14 03:02:02 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll
MOD - [2014/04/29 17:23:01 | 001,161,080 | ---- | M] () -- C:\Windows\SysWOW64\Websteroids.B324755F3F87.2.6.80.dll
MOD - [2014/04/17 06:31:30 | 009,844,080 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll
MOD - [2014/04/17 06:31:30 | 000,391,040 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
MOD - [2014/02/27 04:12:12 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
MOD - [2014/02/27 04:11:49 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/02/27 04:11:49 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\c94c36c9ae776de930f2aacb6dd51c38\UIAutomationProvider.ni.dll
MOD - [2014/02/27 04:11:48 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/02/27 04:11:47 | 000,025,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\c6ab75afe61e2065e65a2faa795abff9\PresentationFramework-SystemCore.ni.dll
MOD - [2014/02/27 04:03:14 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/27 04:03:11 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/27 04:03:10 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014/02/27 04:03:05 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/27 04:03:01 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/27 04:02:59 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/27 04:02:54 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/27 04:02:53 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/02/27 04:02:50 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/27 04:02:50 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/27 04:02:46 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/27 04:02:46 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/27 04:02:41 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014/02/27 04:02:40 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/12/03 22:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 22:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/03 22:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 22:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 22:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 22:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/07/10 18:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2010/11/11 05:24:31 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll
MOD - [2010/07/13 09:07:23 | 007,826,432 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll
MOD - [2010/07/05 05:19:39 | 000,116,736 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
MOD - [2010/06/23 21:16:19 | 002,150,400 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll
MOD - [2010/06/02 01:05:48 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qgif4.dll
MOD - [2010/06/02 01:05:40 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll
MOD - [2010/06/01 22:56:04 | 000,232,960 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll
MOD - [2010/06/01 22:54:24 | 002,530,816 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll
MOD - [2010/06/01 22:29:22 | 000,934,912 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll
MOD - [2010/06/01 22:28:00 | 000,335,360 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\OutfoxTV\OutfoxTvService.exe -- (OutfoxTvService)
SRV:64bit: - [2014/06/26 09:12:50 | 002,346,880 | ---- | M] (ShopperPro) [Auto | Running] -- C:\Program Files\Common Files\ShopperPro\spbiu.exe -- (SPBIUpd)
SRV:64bit: - [2014/04/09 09:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2014/03/13 06:57:44 | 000,033,864 | ---- | M] () [Auto | Running] -- C:\Program Files\pcreg\pcreg.exe -- (pcregservice)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2014/07/09 09:48:18 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/25 13:58:02 | 000,172,544 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\BEDAACA9-0245-4A85-A697-BD5CD3AD04D1\SupraSavingsService64.exe -- (SupraSavingsService64)
SRV - [2014/05/14 16:01:58 | 002,496,832 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2014/04/29 17:23:00 | 000,065,912 | ---- | M] (Creative Island Media, LLC) [Auto | Stopped] -- C:\ProgramData\Websteroids\up\2.6.80\WebsteroidsService.exe -- (Websteroids)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/19 23:24:44 | 000,574,464 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/11/11 21:03:41 | 001,008,032 | ---- | M] () [Auto | Running] -- C:\Users\Stephen\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe -- (M4-Service)
SRV - [2012/11/05 21:55:38 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Stephen\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/03/28 08:49:11 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/04/02 21:54:48 | 000,332,272 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2010/01/15 17:08:38 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys -- (SMUpdd)
DRV:64bit: - [2014/06/26 09:12:50 | 000,041,856 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\ShopperPro\spbiw.sys -- (SPBIUpdd)
DRV:64bit: - [2014/06/12 15:05:34 | 000,046,376 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netfilter64.sys -- (netfilter64)
DRV:64bit: - [2014/05/26 20:57:16 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys -- ({55685567-4840-4a91-962b-49a412e9485a}w64)
DRV:64bit: - [2014/05/22 18:27:28 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys -- ({9edd0ea8-2819-47c2-8320-b007d5996f8a}w64)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/10/11 18:42:24 | 000,763,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/25 16:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2014/06/26 09:22:12 | 000,052,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.sys -- (SPDRIVER_1.37.1.189)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...=1910340270&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...=1910340270&ir=
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...=1910340270&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {F3B7318D-8501-4CF4-A89F-C79AAB5D3506}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2A1412FA-E464-43E8-9298-0C4122B5DDDE}: "URL" = http://www.safesear....q={searchTerms}
IE - HKLM\..\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}: "URL" = http://search.tb.ask...r={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...48v1l5w45l1v215
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://search.conduit.com/?ctid=CT [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...=1910340270&ir=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 01 56 D1 D6 BA CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {31090377-0740-419E-BEFC-A56E50500D5B}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...17E4AA336&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.doko-sear...125830&tsp=5036
IE - HKCU\..\SearchScopes\{160ED137-366E-4A47-A78D-FDB597F08CF5}: "URL" = http://us.yhs4.searc...669,0,GC31,7743
IE - HKCU\..\SearchScopes\{19743005-1817-4106-A57E-43D0A032E54B}: "URL" = http://us.yhs4.searc...669,0,GC31,7743
IE - HKCU\..\SearchScopes\{2A1412FA-E464-43E8-9298-0C4122B5DDDE}: "URL" = http://www.safesear....q={searchTerms}
IE - HKCU\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...=1910340270&ir=
IE - HKCU\..\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACAW_enUS399
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{7F9398D8-2CF6-44E0-B4D6-5B5EB17B1B0E}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{8F3F0499-AC86-4DCD-A4F6-9CD6189C98B6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{9930EAB7-EC96-4E5F-87A8-3F0B0179906E}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}: "URL" = http://search.tb.ask...r={searchTerms}
IE - HKCU\..\SearchScopes\{F3B7318D-8501-4CF4-A89F-C79AAB5D3506}: "URL" = http://search.condui...971B38E57&SSPV=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}: C:\PROGRAM FILES\V-BATES\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HBLite\bin\11.0.323.0\firefox\extensions [2010/11/26 22:20:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{635abd67-4fe9-1b23-4f01-e679fa7484c1}: 0\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}: C:\Program Files\V-bates\Firefox
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Social Privacy\FF\
 
[2010/09/30 13:30:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephen\AppData\Roaming\Mozilla\Extensions
[2014/03/16 15:24:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephen\AppData\Roaming\Mozilla\firefox\extensions
[2013/10/15 19:45:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\MEDIAPLAYERV1\MEDIAPLAYERV1ALPHA2818\FF
[2010/09/27 17:29:53 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...={searchTerms},
CHR - Extension: Google Wallet = C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
 
O1 HOSTS File: ([2014/03/17 17:40:12 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Shopper Pro) - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro64.dll (Goobzo Ltd.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Stephen\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (Shopper Pro) - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro.dll (Goobzo Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4 - HKLM..\Run: [SPDriver] C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.exe ()
O4 - HKLM..\Run: [SpeetItUpFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe" File not found
O4 - HKCU..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O4 - HKCU..\Run: [fastclean] "C:\Program Files (x86)\FastClean PRO\fastcleanpro.exe" File not found
O4 - HKCU..\Run: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe File not found
O4 - HKCU..\Run: [NextLive] C:\Users\Stephen\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O4 - HKCU..\Run: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe File not found
O4 - HKCU..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4 - HKCU..\Run: [SPDriver] C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D3D25A7-624A-4121-B474-CEB52A0DF990}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43732421-B347-4BCE-98C4-5F329F89389D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43732421-B347-4BCE-98C4-5F329F89389D}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll ()
O20 - AppInit_DLLs: (c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll) - c:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0481ec8d-d6c2-11e3-8c8e-00262d30b7e8}\Shell - "" = AutoRun
O33 - MountPoints2\{0481ec8d-d6c2-11e3-8c8e-00262d30b7e8}\Shell\AutoRun\command - "" = G:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\VZW_Software_upgrade_assistant.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/09 21:08:16 | 000,519,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/07/09 21:08:15 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/07/09 21:08:04 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014/07/09 21:08:04 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2014/07/09 21:08:03 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/07/09 21:08:03 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/07/09 21:08:01 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/07/09 21:07:53 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/07/01 06:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\374311380
[2014/06/30 13:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Service Manager
[2014/06/30 13:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java Service Manager
[2014/06/30 13:58:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BEDAACA9-0245-4A85-A697-BD5CD3AD04D1
[2014/06/30 13:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\suprasavings
[2014/06/30 13:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\003
[2014/06/28 11:43:24 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
[2014/06/28 11:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
[2014/06/28 11:43:22 | 000,000,000 | ---D | C] -- C:\Users\Stephen\Desktop\stuff
[2014/06/27 13:55:30 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\XboxMB
[2014/06/27 13:55:17 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2014/06/27 13:55:17 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\Xenocode
[2014/06/27 13:55:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
[2014/06/27 13:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\V-bates
[2014/06/27 13:53:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\GOOBZO
[2014/06/27 13:52:21 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\globalUpdate
[2014/06/27 13:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate
[2014/06/27 13:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchModule
[2014/06/27 13:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\ShopperPro
[2014/06/27 13:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Goobzo
[2014/06/27 13:51:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ShopperPro
[2014/06/27 13:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ShopperPro
[2014/06/27 13:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShopperPro
[2014/06/27 13:51:47 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\Installer
[2014/06/27 13:51:42 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\CrashRpt
[2014/06/24 00:18:55 | 000,159,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ATL90.dll
[2014/06/24 00:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/17 15:58:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineUA.job
[2014/07/17 15:53:00 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\FF Watcher {9A36B5C1-DECA-411A-B1BE-1B009A049848}.job
[2014/07/17 15:48:31 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/17 15:40:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/17 15:39:00 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\Speedial.job
[2014/07/17 15:38:31 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/17 15:11:01 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\bench-Updater removing.job
[2014/07/17 13:07:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\bench-sys.job
[2014/07/16 16:58:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineCore.job
[2014/07/16 09:44:50 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2014/07/15 17:47:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/15 17:47:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/15 17:40:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/15 17:40:09 | 3193,835,520 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/15 17:39:26 | 000,031,854 | ---- | M] () -- C:\Users\Stephen\Desktop\Documents\image.jpeg
[2014/07/12 09:42:16 | 000,111,957 | ---- | M] () -- C:\Windows\SysNative\ScanResults.xml
[2014/07/12 09:35:03 | 000,007,312 | ---- | M] () -- C:\Windows\SysNative\SettingsFile
[2014/07/12 09:35:03 | 000,000,464 | ---- | M] () -- C:\Windows\SysNative\ScannerSettings
[2014/07/10 03:22:31 | 000,428,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/07/09 09:48:16 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/07/09 09:48:15 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/07/06 23:19:53 | 000,000,119 | ---- | M] () -- C:\Windows\Reimage.ini
[2014/07/06 16:53:06 | 000,045,081 | ---- | M] () -- C:\Users\Stephen\Desktop\Dear Daddy.rtf
[2014/06/29 22:09:33 | 000,519,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/29 22:04:49 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/06/27 23:06:30 | 000,786,514 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/27 23:06:30 | 000,665,304 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/27 23:06:30 | 000,123,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/27 16:31:35 | 828,481,536 | ---- | M] () -- C:\Users\Stephen\Desktop\4E20EB9159A5B21CB62805D162FFB734DD59520A42
[2014/06/27 16:23:24 | 000,000,118 | ---- | M] () -- C:\Users\Stephen\Desktop\D624503A4A97A4109F548983F82E924024F0211842.url
[2014/06/27 16:22:13 | 079,413,248 | ---- | M] () -- C:\Users\Stephen\Desktop\D624503A4A97A4109F548983F82E924024F0211842
[2014/06/27 13:53:28 | 000,000,045 | ---- | M] () -- C:\user.js
[2014/06/17 22:18:30 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014/06/17 21:51:32 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/15 17:39:26 | 000,031,854 | ---- | C] () -- C:\Users\Stephen\Desktop\Documents\image.jpeg
[2014/07/12 09:42:16 | 000,111,957 | ---- | C] () -- C:\Windows\SysNative\ScanResults.xml
[2014/07/12 09:35:03 | 000,000,464 | ---- | C] () -- C:\Windows\SysNative\ScannerSettings
[2014/07/12 09:35:02 | 000,007,312 | ---- | C] () -- C:\Windows\SysNative\SettingsFile
[2014/07/06 23:18:11 | 000,000,119 | ---- | C] () -- C:\Windows\Reimage.ini
[2014/07/06 16:53:06 | 000,045,081 | ---- | C] () -- C:\Users\Stephen\Desktop\Dear Daddy.rtf
[2014/06/27 16:47:23 | 828,481,536 | ---- | C] () -- C:\Users\Stephen\Desktop\4E20EB9159A5B21CB62805D162FFB734DD59520A42
[2014/06/27 16:23:50 | 079,413,248 | ---- | C] () -- C:\Users\Stephen\Desktop\D624503A4A97A4109F548983F82E924024F0211842
[2014/06/27 16:23:24 | 000,000,118 | ---- | C] () -- C:\Users\Stephen\Desktop\D624503A4A97A4109F548983F82E924024F0211842.url
[2014/06/27 13:53:33 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\FF Watcher {9A36B5C1-DECA-411A-B1BE-1B009A049848}.job
[2014/06/27 13:53:28 | 000,000,045 | ---- | C] () -- C:\user.js
[2014/04/29 17:23:01 | 001,161,080 | ---- | C] () -- C:\Windows\SysWow64\Websteroids.B324755F3F87.2.6.80.dll
[2014/03/21 19:02:56 | 001,161,080 | ---- | C] () -- C:\Windows\SysWow64\Websteroids.B324755F3F87.dll
[2014/03/14 17:31:17 | 000,000,066 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2014/01/23 18:46:18 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/10/15 20:45:54 | 000,000,065 | ---- | C] () -- C:\Users\Stephen\AppData\Roaming\WB.CFG
[2013/10/15 20:45:54 | 000,000,006 | ---- | C] () -- C:\Users\Stephen\AppData\Roaming\WBPU-TTL.DAT
[2013/08/13 20:54:49 | 000,000,258 | RHS- | C] () -- C:\Users\Stephen\ntuser.pol
[2012/12/26 18:58:39 | 000,000,662 | ---- | C] () -- C:\Users\Stephen\AppData\Local\cookies.ini
[2012/12/23 20:29:47 | 000,161,728 | ---- | C] () -- C:\Program Files (x86)\gcres.dll
[2012/12/23 20:29:47 | 000,000,048 | ---- | C] () -- C:\Windows\wininit.ini
[2012/11/05 21:55:58 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/09/29 13:09:00 | 000,000,000 | ---- | C] () -- C:\Users\Stephen\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2013/10/02 21:21:14 | 000,263,051 | ---- | M] ()(C:\Users\Stephen\Desktop\MIKE_CLA?IMS.rtf) -- C:\Users\Stephen\Desktop\MIKE_CLAIMS.rtf
[2013/10/02 21:21:09 | 000,263,051 | ---- | C] ()(C:\Users\Stephen\Desktop\MIKE_CLA?IMS.rtf) -- C:\Users\Stephen\Desktop\MIKE_CLAIMS.rtf
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:AD022376
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:56E2E879
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:07F6D9E4
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:373E1720
 
< End of report >

OTL logfile created on: 7/17/2014 3:54:59 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stephen\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.97 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 50.84% Memory free
7.93 Gb Paging File | 5.55 Gb Available in Paging File | 69.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 467.10 Gb Free Space | 80.20% Space Free | Partition Type: NTFS
Drive D: | 7.65 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: STEPHEN-PC | User Name: Stephen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/17 15:54:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stephen\Downloads\OTL (1).exe
PRC - [2014/07/15 17:40:22 | 001,592,208 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Mikogo4\Viewer\Service\M4-Capture.exe
PRC - [2014/06/26 09:22:12 | 000,736,616 | ---- | M] (Goobzo) -- C:\Program Files (x86)\ShopperPro\Updater.exe
PRC - [2014/06/26 09:19:14 | 003,211,776 | ---- | M] () -- C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.exe
PRC - [2014/06/21 15:32:52 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2014/04/17 06:31:30 | 000,391,040 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
PRC - [2014/03/13 06:57:44 | 000,033,864 | ---- | M] () -- C:\Program Files\pcreg\pcreg.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/03 22:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/11/11 21:03:41 | 001,008,032 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe
PRC - [2012/11/05 21:55:38 | 000,107,520 | ---- | M] () -- C:\Users\Stephen\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2012/10/15 13:32:06 | 000,568,464 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\My Image Garden\cnmigmain.exe
PRC - [2012/09/27 16:08:08 | 000,989,352 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
PRC - [2012/09/27 16:04:44 | 001,087,648 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
PRC - [2012/09/27 16:02:40 | 001,279,120 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
PRC - [2012/08/31 10:32:14 | 000,452,272 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2012/03/28 08:49:11 | 000,140,456 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2009/12/06 12:24:32 | 000,954,880 | ---- | M] (Ares Development Group) -- C:\Program Files (x86)\Ares\Ares.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/26 09:19:14 | 003,211,776 | ---- | M] () -- C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.exe
MOD - [2014/06/26 09:11:40 | 001,257,472 | ---- | M] () -- C:\Program Files\Common Files\ShopperPro\spbici32.dll
MOD - [2014/05/14 03:02:02 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll
MOD - [2014/04/29 17:23:01 | 001,161,080 | ---- | M] () -- C:\Windows\SysWOW64\Websteroids.B324755F3F87.2.6.80.dll
MOD - [2014/04/17 06:31:30 | 009,844,080 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll
MOD - [2014/04/17 06:31:30 | 000,391,040 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
MOD - [2014/02/27 04:12:12 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
MOD - [2014/02/27 04:11:49 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/02/27 04:11:49 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\c94c36c9ae776de930f2aacb6dd51c38\UIAutomationProvider.ni.dll
MOD - [2014/02/27 04:11:48 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/02/27 04:11:47 | 000,025,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\c6ab75afe61e2065e65a2faa795abff9\PresentationFramework-SystemCore.ni.dll
MOD - [2014/02/27 04:03:14 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/27 04:03:11 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/27 04:03:10 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014/02/27 04:03:05 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/27 04:03:01 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/27 04:02:59 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/27 04:02:54 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/27 04:02:53 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/02/27 04:02:50 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/27 04:02:50 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/27 04:02:46 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/27 04:02:46 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/27 04:02:41 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014/02/27 04:02:40 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/12/03 22:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 22:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/03 22:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 22:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 22:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 22:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/07/10 18:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2010/11/11 05:24:31 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll
MOD - [2010/07/13 09:07:23 | 007,826,432 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll
MOD - [2010/07/05 05:19:39 | 000,116,736 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
MOD - [2010/06/23 21:16:19 | 002,150,400 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll
MOD - [2010/06/02 01:05:48 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qgif4.dll
MOD - [2010/06/02 01:05:40 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll
MOD - [2010/06/01 22:56:04 | 000,232,960 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll
MOD - [2010/06/01 22:54:24 | 002,530,816 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll
MOD - [2010/06/01 22:29:22 | 000,934,912 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll
MOD - [2010/06/01 22:28:00 | 000,335,360 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\OutfoxTV\OutfoxTvService.exe -- (OutfoxTvService)
SRV:64bit: - [2014/06/26 09:12:50 | 002,346,880 | ---- | M] (ShopperPro) [Auto | Running] -- C:\Program Files\Common Files\ShopperPro\spbiu.exe -- (SPBIUpd)
SRV:64bit: - [2014/04/09 09:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2014/03/13 06:57:44 | 000,033,864 | ---- | M] () [Auto | Running] -- C:\Program Files\pcreg\pcreg.exe -- (pcregservice)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2014/07/09 09:48:18 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/25 13:58:02 | 000,172,544 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\BEDAACA9-0245-4A85-A697-BD5CD3AD04D1\SupraSavingsService64.exe -- (SupraSavingsService64)
SRV - [2014/05/14 16:01:58 | 002,496,832 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2014/04/29 17:23:00 | 000,065,912 | ---- | M] (Creative Island Media, LLC) [Auto | Stopped] -- C:\ProgramData\Websteroids\up\2.6.80\WebsteroidsService.exe -- (Websteroids)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/19 23:24:44 | 000,574,464 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/11/11 21:03:41 | 001,008,032 | ---- | M] () [Auto | Running] -- C:\Users\Stephen\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe -- (M4-Service)
SRV - [2012/11/05 21:55:38 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Stephen\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/03/28 08:49:11 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/04/02 21:54:48 | 000,332,272 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2010/01/15 17:08:38 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys -- (SMUpdd)
DRV:64bit: - [2014/06/26 09:12:50 | 000,041,856 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\ShopperPro\spbiw.sys -- (SPBIUpdd)
DRV:64bit: - [2014/06/12 15:05:34 | 000,046,376 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netfilter64.sys -- (netfilter64)
DRV:64bit: - [2014/05/26 20:57:16 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys -- ({55685567-4840-4a91-962b-49a412e9485a}w64)
DRV:64bit: - [2014/05/22 18:27:28 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys -- ({9edd0ea8-2819-47c2-8320-b007d5996f8a}w64)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/10/11 18:42:24 | 000,763,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/25 16:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2014/06/26 09:22:12 | 000,052,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.sys -- (SPDRIVER_1.37.1.189)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...=1910340270&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...=1910340270&ir=
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...=1910340270&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {F3B7318D-8501-4CF4-A89F-C79AAB5D3506}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2A1412FA-E464-43E8-9298-0C4122B5DDDE}: "URL" = http://www.safesear....q={searchTerms}
IE - HKLM\..\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}: "URL" = http://search.tb.ask...r={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...48v1l5w45l1v215
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://search.conduit.com/?ctid=CT [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...=1910340270&ir=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 01 56 D1 D6 BA CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {31090377-0740-419E-BEFC-A56E50500D5B}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...17E4AA336&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.doko-sear...125830&tsp=5036
IE - HKCU\..\SearchScopes\{160ED137-366E-4A47-A78D-FDB597F08CF5}: "URL" = http://us.yhs4.searc...669,0,GC31,7743
IE - HKCU\..\SearchScopes\{19743005-1817-4106-A57E-43D0A032E54B}: "URL" = http://us.yhs4.searc...669,0,GC31,7743
IE - HKCU\..\SearchScopes\{2A1412FA-E464-43E8-9298-0C4122B5DDDE}: "URL" = http://www.safesear....q={searchTerms}
IE - HKCU\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...=1910340270&ir=
IE - HKCU\..\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACAW_enUS399
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{7F9398D8-2CF6-44E0-B4D6-5B5EB17B1B0E}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{8F3F0499-AC86-4DCD-A4F6-9CD6189C98B6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{9930EAB7-EC96-4E5F-87A8-3F0B0179906E}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}: "URL" = http://search.tb.ask...r={searchTerms}
IE - HKCU\..\SearchScopes\{F3B7318D-8501-4CF4-A89F-C79AAB5D3506}: "URL" = http://search.condui...971B38E57&SSPV=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}: C:\PROGRAM FILES\V-BATES\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HBLite\bin\11.0.323.0\firefox\extensions [2010/11/26 22:20:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{635abd67-4fe9-1b23-4f01-e679fa7484c1}: 0\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}: C:\Program Files\V-bates\Firefox
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Social Privacy\FF\
 
[2010/09/30 13:30:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephen\AppData\Roaming\Mozilla\Extensions
[2014/03/16 15:24:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephen\AppData\Roaming\Mozilla\firefox\extensions
[2013/10/15 19:45:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\MEDIAPLAYERV1\MEDIAPLAYERV1ALPHA2818\FF
[2010/09/27 17:29:53 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...={searchTerms},
CHR - Extension: Google Wallet = C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
 
O1 HOSTS File: ([2014/03/17 17:40:12 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Shopper Pro) - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro64.dll (Goobzo Ltd.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Stephen\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (Shopper Pro) - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro.dll (Goobzo Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4 - HKLM..\Run: [SPDriver] C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.exe ()
O4 - HKLM..\Run: [SpeetItUpFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe" File not found
O4 - HKCU..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O4 - HKCU..\Run: [fastclean] "C:\Program Files (x86)\FastClean PRO\fastcleanpro.exe" File not found
O4 - HKCU..\Run: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe File not found
O4 - HKCU..\Run: [NextLive] C:\Users\Stephen\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O4 - HKCU..\Run: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe File not found
O4 - HKCU..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4 - HKCU..\Run: [SPDriver] C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D3D25A7-624A-4121-B474-CEB52A0DF990}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43732421-B347-4BCE-98C4-5F329F89389D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43732421-B347-4BCE-98C4-5F329F89389D}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll ()
O20 - AppInit_DLLs: (c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll) - c:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0481ec8d-d6c2-11e3-8c8e-00262d30b7e8}\Shell - "" = AutoRun
O33 - MountPoints2\{0481ec8d-d6c2-11e3-8c8e-00262d30b7e8}\Shell\AutoRun\command - "" = G:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\VZW_Software_upgrade_assistant.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/09 21:08:16 | 000,519,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/07/09 21:08:15 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/07/09 21:08:04 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014/07/09 21:08:04 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2014/07/09 21:08:03 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/07/09 21:08:03 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/07/09 21:08:01 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/07/09 21:07:53 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/07/01 06:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\374311380
[2014/06/30 13:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Service Manager
[2014/06/30 13:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java Service Manager
[2014/06/30 13:58:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BEDAACA9-0245-4A85-A697-BD5CD3AD04D1
[2014/06/30 13:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\suprasavings
[2014/06/30 13:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\003
[2014/06/28 11:43:24 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
[2014/06/28 11:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
[2014/06/28 11:43:22 | 000,000,000 | ---D | C] -- C:\Users\Stephen\Desktop\stuff
[2014/06/27 13:55:30 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\XboxMB
[2014/06/27 13:55:17 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2014/06/27 13:55:17 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\Xenocode
[2014/06/27 13:55:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
[2014/06/27 13:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\V-bates
[2014/06/27 13:53:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\GOOBZO
[2014/06/27 13:52:21 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\globalUpdate
[2014/06/27 13:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate
[2014/06/27 13:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchModule
[2014/06/27 13:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\ShopperPro
[2014/06/27 13:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Goobzo
[2014/06/27 13:51:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ShopperPro
[2014/06/27 13:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ShopperPro
[2014/06/27 13:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShopperPro
[2014/06/27 13:51:47 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\Installer
[2014/06/27 13:51:42 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\CrashRpt
[2014/06/24 00:18:55 | 000,159,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ATL90.dll
[2014/06/24 00:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/17 15:58:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineUA.job
[2014/07/17 15:53:00 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\FF Watcher {9A36B5C1-DECA-411A-B1BE-1B009A049848}.job
[2014/07/17 15:48:31 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/17 15:40:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/17 15:39:00 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\Speedial.job
[2014/07/17 15:38:31 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/17 15:11:01 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\bench-Updater removing.job
[2014/07/17 13:07:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\bench-sys.job
[2014/07/16 16:58:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineCore.job
[2014/07/16 09:44:50 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2014/07/15 17:47:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/15 17:47:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/15 17:40:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/15 17:40:09 | 3193,835,520 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/15 17:39:26 | 000,031,854 | ---- | M] () -- C:\Users\Stephen\Desktop\Documents\image.jpeg
[2014/07/12 09:42:16 | 000,111,957 | ---- | M] () -- C:\Windows\SysNative\ScanResults.xml
[2014/07/12 09:35:03 | 000,007,312 | ---- | M] () -- C:\Windows\SysNative\SettingsFile
[2014/07/12 09:35:03 | 000,000,464 | ---- | M] () -- C:\Windows\SysNative\ScannerSettings
[2014/07/10 03:22:31 | 000,428,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/07/09 09:48:16 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/07/09 09:48:15 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/07/06 23:19:53 | 000,000,119 | ---- | M] () -- C:\Windows\Reimage.ini
[2014/07/06 16:53:06 | 000,045,081 | ---- | M] () -- C:\Users\Stephen\Desktop\Dear Daddy.rtf
[2014/06/29 22:09:33 | 000,519,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/29 22:04:49 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/06/27 23:06:30 | 000,786,514 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/27 23:06:30 | 000,665,304 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/27 23:06:30 | 000,123,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/27 16:31:35 | 828,481,536 | ---- | M] () -- C:\Users\Stephen\Desktop\4E20EB9159A5B21CB62805D162FFB734DD59520A42
[2014/06/27 16:23:24 | 000,000,118 | ---- | M] () -- C:\Users\Stephen\Desktop\D624503A4A97A4109F548983F82E924024F0211842.url
[2014/06/27 16:22:13 | 079,413,248 | ---- | M] () -- C:\Users\Stephen\Desktop\D624503A4A97A4109F548983F82E924024F0211842
[2014/06/27 13:53:28 | 000,000,045 | ---- | M] () -- C:\user.js
[2014/06/17 22:18:30 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014/06/17 21:51:32 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/15 17:39:26 | 000,031,854 | ---- | C] () -- C:\Users\Stephen\Desktop\Documents\image.jpeg
[2014/07/12 09:42:16 | 000,111,957 | ---- | C] () -- C:\Windows\SysNative\ScanResults.xml
[2014/07/12 09:35:03 | 000,000,464 | ---- | C] () -- C:\Windows\SysNative\ScannerSettings
[2014/07/12 09:35:02 | 000,007,312 | ---- | C] () -- C:\Windows\SysNative\SettingsFile
[2014/07/06 23:18:11 | 000,000,119 | ---- | C] () -- C:\Windows\Reimage.ini
[2014/07/06 16:53:06 | 000,045,081 | ---- | C] () -- C:\Users\Stephen\Desktop\Dear Daddy.rtf
[2014/06/27 16:47:23 | 828,481,536 | ---- | C] () -- C:\Users\Stephen\Desktop\4E20EB9159A5B21CB62805D162FFB734DD59520A42
[2014/06/27 16:23:50 | 079,413,248 | ---- | C] () -- C:\Users\Stephen\Desktop\D624503A4A97A4109F548983F82E924024F0211842
[2014/06/27 16:23:24 | 000,000,118 | ---- | C] () -- C:\Users\Stephen\Desktop\D624503A4A97A4109F548983F82E924024F0211842.url
[2014/06/27 13:53:33 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\FF Watcher {9A36B5C1-DECA-411A-B1BE-1B009A049848}.job
[2014/06/27 13:53:28 | 000,000,045 | ---- | C] () -- C:\user.js
[2014/04/29 17:23:01 | 001,161,080 | ---- | C] () -- C:\Windows\SysWow64\Websteroids.B324755F3F87.2.6.80.dll
[2014/03/21 19:02:56 | 001,161,080 | ---- | C] () -- C:\Windows\SysWow64\Websteroids.B324755F3F87.dll
[2014/03/14 17:31:17 | 000,000,066 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2014/01/23 18:46:18 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/10/15 20:45:54 | 000,000,065 | ---- | C] () -- C:\Users\Stephen\AppData\Roaming\WB.CFG
[2013/10/15 20:45:54 | 000,000,006 | ---- | C] () -- C:\Users\Stephen\AppData\Roaming\WBPU-TTL.DAT
[2013/08/13 20:54:49 | 000,000,258 | RHS- | C] () -- C:\Users\Stephen\ntuser.pol
[2012/12/26 18:58:39 | 000,000,662 | ---- | C] () -- C:\Users\Stephen\AppData\Local\cookies.ini
[2012/12/23 20:29:47 | 000,161,728 | ---- | C] () -- C:\Program Files (x86)\gcres.dll
[2012/12/23 20:29:47 | 000,000,048 | ---- | C] () -- C:\Windows\wininit.ini
[2012/11/05 21:55:58 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/09/29 13:09:00 | 000,000,000 | ---- | C] () -- C:\Users\Stephen\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2013/10/02 21:21:14 | 000,263,051 | ---- | M] ()(C:\Users\Stephen\Desktop\MIKE_CLA?IMS.rtf) -- C:\Users\Stephen\Desktop\MIKE_CLAIMS.rtf
[2013/10/02 21:21:09 | 000,263,051 | ---- | C] ()(C:\Users\Stephen\Desktop\MIKE_CLA?IMS.rtf) -- C:\Users\Stephen\Desktop\MIKE_CLAIMS.rtf
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:AD022376
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:56E2E879
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:07F6D9E4
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:373E1720
 
< End of report >
 

 


  • 0

Advertisements


#2
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Minion%20Welcome.jpg


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

icon_arrow.gif Analysis and research take some time, also sometimes real life gets in the way, please be patient.
icon_arrow.gif Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
icon_arrow.gif Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
icon_arrow.gif Paste the logs in your posts, attachments make my work harder and more complicated.
icon_arrow.gif Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
icon_arrow.gif Note that we may live in totally different time zones, what may cause some delays between answers.

icon_idea.gif I can't foresee everything, so if anything unexpected happens, please stop and inform me!
icon_idea.gif There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)


You have posted twice OTL.txt report. Please navigate to the C:\Users\Stephen\Downloads directory and search there for the Extras.txt logfile, I'm gonna need it also.

Remember to save all the tools I will ask you to download to the desktop. It will make our work easier, and they work better from there.


Cheers,
Naat :)


  • 0

#3
ztastorm

ztastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts

THANKYOU THANKYOU THANKYOU!  I couldn't find the "Extras" file from the current OTL report, just one that I apparently ran back in February...so I will run OTL again and post logfile and extra logfile here

 


  • 0

#4
ztastorm

ztastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
OTL logfile created on: 7/19/2014 11:01:17 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stephen\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.97 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 52.56% Memory free
7.93 Gb Paging File | 5.43 Gb Available in Paging File | 68.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 468.68 Gb Free Space | 80.47% Space Free | Partition Type: NTFS
Drive D: | 7.65 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: STEPHEN-PC | User Name: Stephen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/19 11:01:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stephen\Downloads\OTL (2).exe
PRC - [2014/07/15 17:40:22 | 001,592,208 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Mikogo4\Viewer\Service\M4-Capture.exe
PRC - [2014/06/26 09:22:10 | 001,107,816 | ---- | M] (Goobzo LTD) -- C:\Program Files (x86)\ShopperPro\ShopperPro.exe
PRC - [2014/06/26 09:19:14 | 003,211,776 | ---- | M] () -- C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.exe
PRC - [2014/06/21 15:32:52 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2014/04/17 06:31:30 | 000,391,040 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
PRC - [2014/03/13 06:57:44 | 000,033,864 | ---- | M] () -- C:\Program Files\pcreg\pcreg.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/03 22:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/11/11 21:03:41 | 001,008,032 | ---- | M] () -- C:\Users\Stephen\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe
PRC - [2012/11/05 21:55:38 | 000,107,520 | ---- | M] () -- C:\Users\Stephen\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2012/10/15 13:32:06 | 000,568,464 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\My Image Garden\cnmigmain.exe
PRC - [2012/09/27 16:08:08 | 000,989,352 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
PRC - [2012/09/27 16:04:44 | 001,087,648 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
PRC - [2012/09/27 16:02:40 | 001,279,120 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
PRC - [2012/08/31 10:32:14 | 000,452,272 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2012/03/28 08:49:11 | 000,140,456 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2009/12/06 12:24:32 | 000,954,880 | ---- | M] (Ares Development Group) -- C:\Program Files (x86)\Ares\Ares.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/26 09:19:14 | 003,211,776 | ---- | M] () -- C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.exe
MOD - [2014/06/26 09:11:40 | 001,257,472 | ---- | M] () -- C:\Program Files\Common Files\ShopperPro\spbici32.dll
MOD - [2014/05/14 03:02:02 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll
MOD - [2014/04/17 06:31:30 | 009,844,080 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll
MOD - [2014/04/17 06:31:30 | 000,391,040 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
MOD - [2014/02/27 04:12:12 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
MOD - [2014/02/27 04:11:49 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/02/27 04:11:49 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\c94c36c9ae776de930f2aacb6dd51c38\UIAutomationProvider.ni.dll
MOD - [2014/02/27 04:11:48 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/02/27 04:11:47 | 000,025,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\c6ab75afe61e2065e65a2faa795abff9\PresentationFramework-SystemCore.ni.dll
MOD - [2014/02/27 04:03:14 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/27 04:03:11 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/27 04:03:10 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014/02/27 04:03:05 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/27 04:03:01 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/27 04:02:59 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/27 04:02:54 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/27 04:02:53 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/02/27 04:02:50 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/27 04:02:50 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/27 04:02:46 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/27 04:02:46 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/27 04:02:41 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014/02/27 04:02:40 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/12/03 22:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 22:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 22:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 22:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 22:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2010/11/11 05:24:31 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll
MOD - [2010/07/13 09:07:23 | 007,826,432 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll
MOD - [2010/07/05 05:19:39 | 000,116,736 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
MOD - [2010/06/23 21:16:19 | 002,150,400 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll
MOD - [2010/06/02 01:05:48 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qgif4.dll
MOD - [2010/06/02 01:05:40 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll
MOD - [2010/06/01 22:56:04 | 000,232,960 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll
MOD - [2010/06/01 22:54:24 | 002,530,816 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll
MOD - [2010/06/01 22:29:22 | 000,934,912 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll
MOD - [2010/06/01 22:28:00 | 000,335,360 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\OutfoxTV\OutfoxTvService.exe -- (OutfoxTvService)
SRV:64bit: - [2014/06/26 09:12:50 | 002,346,880 | ---- | M] (ShopperPro) [Auto | Running] -- C:\Program Files\Common Files\ShopperPro\spbiu.exe -- (SPBIUpd)
SRV:64bit: - [2014/04/09 09:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2014/03/13 06:57:44 | 000,033,864 | ---- | M] () [Auto | Running] -- C:\Program Files\pcreg\pcreg.exe -- (pcregservice)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/01/28 19:27:36 | 000,243,232 | ---- | M] (Acer Group) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2014/07/09 09:48:18 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/25 13:58:02 | 000,172,544 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\BEDAACA9-0245-4A85-A697-BD5CD3AD04D1\SupraSavingsService64.exe -- (SupraSavingsService64)
SRV - [2014/05/14 16:01:58 | 002,496,832 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2014/04/29 17:23:00 | 000,065,912 | ---- | M] (Creative Island Media, LLC) [Auto | Stopped] -- C:\ProgramData\Websteroids\up\2.6.80\WebsteroidsService.exe -- (Websteroids)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/19 23:24:44 | 000,574,464 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/11/11 21:03:41 | 001,008,032 | ---- | M] () [Auto | Running] -- C:\Users\Stephen\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe -- (M4-Service)
SRV - [2012/11/05 21:55:38 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Stephen\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/03/28 08:49:11 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/04/02 21:54:48 | 000,332,272 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2010/01/15 17:08:38 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys -- (SMUpdd)
DRV:64bit: - [2014/06/26 09:12:50 | 000,041,856 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\ShopperPro\spbiw.sys -- (SPBIUpdd)
DRV:64bit: - [2014/06/12 15:05:34 | 000,046,376 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netfilter64.sys -- (netfilter64)
DRV:64bit: - [2014/05/26 20:57:16 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys -- ({55685567-4840-4a91-962b-49a412e9485a}w64)
DRV:64bit: - [2014/05/22 18:27:28 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys -- ({9edd0ea8-2819-47c2-8320-b007d5996f8a}w64)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/10/11 18:42:24 | 000,763,904 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/25 16:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2014/06/26 09:22:12 | 000,052,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.sys -- (SPDRIVER_1.37.1.189)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...=1910340270&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...=1910340270&ir=
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...=1910340270&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {F3B7318D-8501-4CF4-A89F-C79AAB5D3506}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2A1412FA-E464-43E8-9298-0C4122B5DDDE}: "URL" = http://www.safesear....q={searchTerms}
IE - HKLM\..\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}: "URL" = http://search.tb.ask...r={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...48v1l5w45l1v215
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://search.conduit.com/?ctid=CT [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...=1910340270&ir=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 43 01 56 D1 D6 BA CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {31090377-0740-419E-BEFC-A56E50500D5B}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...17E4AA336&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.doko-sear...125830&tsp=5036
IE - HKCU\..\SearchScopes\{160ED137-366E-4A47-A78D-FDB597F08CF5}: "URL" = http://us.yhs4.searc...669,0,GC31,7743
IE - HKCU\..\SearchScopes\{19743005-1817-4106-A57E-43D0A032E54B}: "URL" = http://us.yhs4.searc...669,0,GC31,7743
IE - HKCU\..\SearchScopes\{2A1412FA-E464-43E8-9298-0C4122B5DDDE}: "URL" = http://www.safesear....q={searchTerms}
IE - HKCU\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...=1910340270&ir=
IE - HKCU\..\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACAW_enUS399
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{7F9398D8-2CF6-44E0-B4D6-5B5EB17B1B0E}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{8F3F0499-AC86-4DCD-A4F6-9CD6189C98B6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{9930EAB7-EC96-4E5F-87A8-3F0B0179906E}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}: "URL" = http://search.tb.ask...r={searchTerms}
IE - HKCU\..\SearchScopes\{F3B7318D-8501-4CF4-A89F-C79AAB5D3506}: "URL" = http://search.condui...971B38E57&SSPV=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}: C:\PROGRAM FILES\V-BATES\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HBLite\bin\11.0.323.0\firefox\extensions [2010/11/26 22:20:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{635abd67-4fe9-1b23-4f01-e679fa7484c1}: 0\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}: C:\Program Files\V-bates\Firefox
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Social Privacy\FF\
 
[2010/09/30 13:30:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephen\AppData\Roaming\Mozilla\Extensions
[2014/03/16 15:24:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephen\AppData\Roaming\Mozilla\firefox\extensions
[2013/10/15 19:45:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\MEDIAPLAYERV1\MEDIAPLAYERV1ALPHA2818\FF
[2010/09/27 17:29:53 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...={searchTerms},
CHR - Extension: Google Wallet = C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
 
O1 HOSTS File: ([2014/03/17 17:40:12 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Shopper Pro) - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro64.dll (Goobzo Ltd.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Stephen\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (Shopper Pro) - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro.dll (Goobzo Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4 - HKLM..\Run: [SPDriver] C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.exe ()
O4 - HKLM..\Run: [SpeetItUpFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe" File not found
O4 - HKCU..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O4 - HKCU..\Run: [fastclean] "C:\Program Files (x86)\FastClean PRO\fastcleanpro.exe" File not found
O4 - HKCU..\Run: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe File not found
O4 - HKCU..\Run: [NextLive] C:\Users\Stephen\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O4 - HKCU..\Run: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe File not found
O4 - HKCU..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4 - HKCU..\Run: [SPDriver] C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D3D25A7-624A-4121-B474-CEB52A0DF990}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43732421-B347-4BCE-98C4-5F329F89389D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43732421-B347-4BCE-98C4-5F329F89389D}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll ()
O20 - AppInit_DLLs: (c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll) - c:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0481ec8d-d6c2-11e3-8c8e-00262d30b7e8}\Shell - "" = AutoRun
O33 - MountPoints2\{0481ec8d-d6c2-11e3-8c8e-00262d30b7e8}\Shell\AutoRun\command - "" = G:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\VZW_Software_upgrade_assistant.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/09 21:08:16 | 000,519,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/07/09 21:08:15 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/07/09 21:08:04 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014/07/09 21:08:04 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2014/07/09 21:08:03 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/07/09 21:08:03 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/07/09 21:08:01 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/07/09 21:07:53 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/07/01 06:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\374311380
[2014/06/30 13:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Service Manager
[2014/06/30 13:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java Service Manager
[2014/06/30 13:58:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BEDAACA9-0245-4A85-A697-BD5CD3AD04D1
[2014/06/30 13:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\suprasavings
[2014/06/30 13:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\003
[2014/06/28 11:43:24 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
[2014/06/28 11:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
[2014/06/28 11:43:22 | 000,000,000 | ---D | C] -- C:\Users\Stephen\Desktop\stuff
[2014/06/27 13:55:30 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\XboxMB
[2014/06/27 13:55:17 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2014/06/27 13:55:17 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\Xenocode
[2014/06/27 13:55:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
[2014/06/27 13:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\V-bates
[2014/06/27 13:53:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\GOOBZO
[2014/06/27 13:52:21 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\globalUpdate
[2014/06/27 13:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate
[2014/06/27 13:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchModule
[2014/06/27 13:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\ShopperPro
[2014/06/27 13:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Goobzo
[2014/06/27 13:51:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ShopperPro
[2014/06/27 13:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ShopperPro
[2014/06/27 13:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShopperPro
[2014/06/27 13:51:47 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\Installer
[2014/06/27 13:51:42 | 000,000,000 | ---D | C] -- C:\Users\Stephen\AppData\Local\CrashRpt
[2014/06/24 00:18:55 | 000,159,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ATL90.dll
[2014/06/24 00:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/19 10:58:07 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineUA.job
[2014/07/19 10:53:00 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\FF Watcher {9A36B5C1-DECA-411A-B1BE-1B009A049848}.job
[2014/07/19 10:48:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/19 10:39:00 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\Speedial.job
[2014/07/19 10:38:33 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/19 10:24:59 | 000,044,456 | ---- | M] () -- C:\Users\Stephen\Desktop\eileen8.jpg
[2014/07/19 10:24:51 | 000,040,749 | ---- | M] () -- C:\Users\Stephen\Desktop\eileen7.jpg
[2014/07/19 10:24:12 | 000,085,428 | ---- | M] () -- C:\Users\Stephen\Desktop\eileen6.jpg
[2014/07/19 10:23:46 | 000,039,940 | ---- | M] () -- C:\Users\Stephen\Desktop\eileen5.jpg
[2014/07/19 10:22:38 | 000,048,437 | ---- | M] () -- C:\Users\Stephen\Desktop\eileen4.jpg
[2014/07/19 10:22:11 | 000,144,066 | ---- | M] () -- C:\Users\Stephen\Desktop\eileen2.jpg
[2014/07/19 10:21:49 | 000,037,931 | ---- | M] () -- C:\Users\Stephen\Desktop\eileen1.jpg
[2014/07/19 09:07:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\bench-sys.job
[2014/07/19 07:11:00 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\bench-Updater removing.job
[2014/07/18 16:58:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineCore.job
[2014/07/18 15:38:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/16 09:44:50 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2014/07/15 17:47:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/15 17:47:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/15 17:40:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/15 17:40:09 | 3193,835,520 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/15 17:39:26 | 000,031,854 | ---- | M] () -- C:\Users\Stephen\Desktop\Documents\image.jpeg
[2014/07/12 09:42:16 | 000,111,957 | ---- | M] () -- C:\Windows\SysNative\ScanResults.xml
[2014/07/12 09:35:03 | 000,007,312 | ---- | M] () -- C:\Windows\SysNative\SettingsFile
[2014/07/12 09:35:03 | 000,000,464 | ---- | M] () -- C:\Windows\SysNative\ScannerSettings
[2014/07/10 03:22:31 | 000,428,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/07/09 09:48:16 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/07/09 09:48:15 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/07/06 23:19:53 | 000,000,119 | ---- | M] () -- C:\Windows\Reimage.ini
[2014/07/06 16:53:06 | 000,045,081 | ---- | M] () -- C:\Users\Stephen\Desktop\Dear Daddy.rtf
[2014/06/29 22:09:33 | 000,519,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/29 22:04:49 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/06/27 23:06:30 | 000,786,514 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/27 23:06:30 | 000,665,304 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/27 23:06:30 | 000,123,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/27 16:31:35 | 828,481,536 | ---- | M] () -- C:\Users\Stephen\Desktop\4E20EB9159A5B21CB62805D162FFB734DD59520A42
[2014/06/27 16:23:24 | 000,000,118 | ---- | M] () -- C:\Users\Stephen\Desktop\D624503A4A97A4109F548983F82E924024F0211842.url
[2014/06/27 16:22:13 | 079,413,248 | ---- | M] () -- C:\Users\Stephen\Desktop\D624503A4A97A4109F548983F82E924024F0211842
[2014/06/27 13:53:28 | 000,000,045 | ---- | M] () -- C:\user.js
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/19 10:25:02 | 000,044,456 | ---- | C] () -- C:\Users\Stephen\Desktop\eileen8.jpg
[2014/07/19 10:24:54 | 000,040,749 | ---- | C] () -- C:\Users\Stephen\Desktop\eileen7.jpg
[2014/07/19 10:24:15 | 000,085,428 | ---- | C] () -- C:\Users\Stephen\Desktop\eileen6.jpg
[2014/07/19 10:23:50 | 000,039,940 | ---- | C] () -- C:\Users\Stephen\Desktop\eileen5.jpg
[2014/07/19 10:22:41 | 000,048,437 | ---- | C] () -- C:\Users\Stephen\Desktop\eileen4.jpg
[2014/07/19 10:22:16 | 000,144,066 | ---- | C] () -- C:\Users\Stephen\Desktop\eileen2.jpg
[2014/07/19 10:21:58 | 000,037,931 | ---- | C] () -- C:\Users\Stephen\Desktop\eileen1.jpg
[2014/07/15 17:39:26 | 000,031,854 | ---- | C] () -- C:\Users\Stephen\Desktop\Documents\image.jpeg
[2014/07/12 09:42:16 | 000,111,957 | ---- | C] () -- C:\Windows\SysNative\ScanResults.xml
[2014/07/12 09:35:03 | 000,000,464 | ---- | C] () -- C:\Windows\SysNative\ScannerSettings
[2014/07/12 09:35:02 | 000,007,312 | ---- | C] () -- C:\Windows\SysNative\SettingsFile
[2014/07/06 23:18:11 | 000,000,119 | ---- | C] () -- C:\Windows\Reimage.ini
[2014/07/06 16:53:06 | 000,045,081 | ---- | C] () -- C:\Users\Stephen\Desktop\Dear Daddy.rtf
[2014/06/27 16:47:23 | 828,481,536 | ---- | C] () -- C:\Users\Stephen\Desktop\4E20EB9159A5B21CB62805D162FFB734DD59520A42
[2014/06/27 16:23:50 | 079,413,248 | ---- | C] () -- C:\Users\Stephen\Desktop\D624503A4A97A4109F548983F82E924024F0211842
[2014/06/27 16:23:24 | 000,000,118 | ---- | C] () -- C:\Users\Stephen\Desktop\D624503A4A97A4109F548983F82E924024F0211842.url
[2014/06/27 13:53:33 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\FF Watcher {9A36B5C1-DECA-411A-B1BE-1B009A049848}.job
[2014/06/27 13:53:28 | 000,000,045 | ---- | C] () -- C:\user.js
[2014/04/29 17:23:01 | 001,161,080 | ---- | C] () -- C:\Windows\SysWow64\Websteroids.B324755F3F87.2.6.80.dll
[2014/03/21 19:02:56 | 001,161,080 | ---- | C] () -- C:\Windows\SysWow64\Websteroids.B324755F3F87.dll
[2014/03/14 17:31:17 | 000,000,066 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2014/01/23 18:46:18 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/10/15 20:45:54 | 000,000,065 | ---- | C] () -- C:\Users\Stephen\AppData\Roaming\WB.CFG
[2013/10/15 20:45:54 | 000,000,006 | ---- | C] () -- C:\Users\Stephen\AppData\Roaming\WBPU-TTL.DAT
[2013/08/13 20:54:49 | 000,000,258 | RHS- | C] () -- C:\Users\Stephen\ntuser.pol
[2012/12/26 18:58:39 | 000,000,662 | ---- | C] () -- C:\Users\Stephen\AppData\Local\cookies.ini
[2012/12/23 20:29:47 | 000,161,728 | ---- | C] () -- C:\Program Files (x86)\gcres.dll
[2012/12/23 20:29:47 | 000,000,048 | ---- | C] () -- C:\Windows\wininit.ini
[2012/11/05 21:55:58 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/09/29 13:09:00 | 000,000,000 | ---- | C] () -- C:\Users\Stephen\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2013/10/02 21:21:14 | 000,263,051 | ---- | M] ()(C:\Users\Stephen\Desktop\MIKE_CLA?IMS.rtf) -- C:\Users\Stephen\Desktop\MIKE_CLAIMS.rtf
[2013/10/02 21:21:09 | 000,263,051 | ---- | C] ()(C:\Users\Stephen\Desktop\MIKE_CLA?IMS.rtf) -- C:\Users\Stephen\Desktop\MIKE_CLAIMS.rtf
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:AD022376
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:56E2E879
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:07F6D9E4
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:373E1720
 
< End of report >
 
 
 
 

  • 0

#5
ztastorm

ztastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts

Ok and I'm sorry but I do not see an "Extras" file for the scan I just ran..it's dated February. What should I do?


  • 0

#6
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)

Don't worry, I'll get it another way. Now please refrain from using any tools/scans on your own. I will do my work and they could simply interfere with each other.

Run these tools for me for now. After it the improvement should be noticeable :)



51a612a8b27e2-Zoek.png Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    C:\Program Files (x86)\ShopperPro;fs
    C:\Program Files\pcreg;fs
    C:\Program Files\Common Files\ShopperPro;fs
    C:\Windows\SysWOW64\Websteroids.B324755F3F87.2.6.80.dll;f
    C:\Program Files\OutfoxTV;fs
    OutfoxTvService;s
    SPBIUpd;d
    pcregservice;s
    C:\Program Files (x86)\BEDAACA9-0245-4A85-A697-BD5CD3AD04D1;fs
    SupraSavingsService64;s
    C:\Program Files (x86)\SearchProtect;fs
    CltMngSvc;s
    C:\Users\Stephen\AppData\Roaming\DefaultTab;fs
    C:\ProgramData\Websteroids;fs
    Websteroids;s
    C:\Program Files (x86)\DefaultTab;fs
    DefaultTabSearch;s
    DefaultTabUpdate;s
    C:\Program Files\Common Files\Goobzo;fs
    SMUpdd;s
    SPBIUpdd;s
    C:\Windows\SysNative\drivers\netfilter64.sys;f
    netfilter64;s
    C:\Windows\SysNative\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys;f
    {55685567-4840-4a91-962b-49a412e9485a}w64;s
    C:\Windows\SysNative\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys;f
    {9edd0ea8-2819-47c2-8320-b007d5996f8a}w64;s
    SPDRIVER_1.37.1.189;s
    iedefaults;
    {31090377-0740-419E-BEFC-A56E50500D5B};c
    {2A1412FA-E464-43E8-9298-0C4122B5DDDE};c
    {597b1823-7ff0-4cd3-8095-9d8cba514992};c
    {9a216821-0ec5-49a3-85ac-fb72ae79a1e8};c
    {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9};c
    {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9};c
    {160ED137-366E-4A47-A78D-FDB597F08CF5}c;
    {19743005-1817-4106-A57E-43D0A032E54B};c
    {7F9398D8-2CF6-44E0-B4D6-5B5EB17B1B0E};c
    {F3B7318D-8501-4CF4-A89F-C79AAB5D3506};c
    resetieproxy;
    C:\Program Files (x86)\DealPlyLive;fs
    ffdefaults;
    C:\PROGRAM FILES (X86)\MEDIAPLAYERV1;fs
    {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C};c
    C:\ProgramData\ShopperPro;fs
    {7F6AFBF1-E065-4627-A2FD-810366367D01};c
    C:\Users\Stephen\AppData\Roaming\DefaultTab;fs
    {ae07101b-46d4-4a98-af68-0333ea26e113};c
    emptyclsid;
    {21FA44EF-376D-4D53-9B0F-8A89D3229068};c
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r64
    "pcreg"=-;r64 
    C:\Program Files\pcreg;fs
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
    "mobilegeni daemon"=-;r
    C:\Program Files (x86)\Mobogenie;fs
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
    "pcreg"=-;r
    "SPDriver"=-;r
    "SpeetItUpFree"=-;r
    C:\Program Files (x86)\SpeedItup Free;fs
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
    "DW7"=-;r
    "fastclean"=-;r
    "Itibiti.exe"=-;r
    "NextLive"=-;r
    "OutfoxTV"=-;r
    "pcreg"=-;r
    "SPDriver"=-;r
    C:\Program Files (x86)\FastClean PRO;fs
    C:\Program Files (x86)\Itibiti Soft Phone;fs
    C:\Users\Stephen\AppData\Roaming\newnext.me;fs
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r64
    "AppInit_DLLs"="";r64
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r
    "AppInit_DLLs"="";r
    C:\ProgramData\374311380;vs
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Service Manager;fs
    C:\Program Files (x86)\Java Service Manager;fs
    C:\Program Files\003;fs
    C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool;fs
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool;fs
    C:\Users\Stephen\AppData\Local\XboxMB;fs
    C:\Windows\XSxS;fs
    C:\Users\Stephen\AppData\Local\Xenocode;fs
    C:\Program Files (x86)\Xenocode;fs
    C:\Program Files\V-bates;fs
    C:\Users\Public\Documents\GOOBZO;fs
    C:\Users\Stephen\AppData\Local\globalUpdate;fs
    C:\Program Files (x86)\globalUpdate;fs
    C:\ProgramData\SearchModule;fs
    C:\ProgramData\ShopperPro;fs
    C:\Program Files\Common Files\Goobzo;fs
    C:\Users\Public\Documents\ShopperPro;fs
    C:\Program Files\Common Files\ShopperPro;fs
    C:\Program Files (x86)\ShopperPro;fs
    C:\Users\Stephen\AppData\Local\Installer;fs
    C:\Users\Stephen\AppData\Local\CrashRpt;fs
    C:\Program Files\PC Optimizer Pro;fs
    C:\Windows\tasks\DealPlyLiveUpdateTaskMachineUA.job;f
    C:\Windows\tasks\FF Watcher {9A36B5C1-DECA-411A-B1BE-1B009A049848}.job;f
    C:\Windows\tasks\Speedial.job;f
    C:\Windows\tasks\bench-Updater removing.job;f
    C:\Windows\tasks\bench-sys.job;f
    C:\Windows\tasks\DealPlyLiveUpdateTaskMachineCore.job;f
    C:\Windows\tasks\GlaryInitialize.job;f
    C:\Windows\SysNative\ScanResults.xml;f
    C:\Windows\SysNative\SettingsFile;f
    C:\Windows\SysNative\ScannerSettings;f
    C:\Windows\SysWow64\Websteroids.B324755F3F87.2.6.80.dll;f
    C:\Windows\SysWow64\Websteroids.B324755F3F87.dll;f
    C:\Windows\GPlrLanc.dat;virustotal
    C:\Program Files (x86)\gcres.dll;f
    C:\Users\Stephen\AppData\Roaming\wklnhst.dat;virustotal
    C:\ProgramData\Temp;fs
    reboot;
    autoclean;
    process;
    services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.
Dont forget to re-enable your previuosly switched-off protection software!



adwcleaner_new.png Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.



JRTbythisisu.png Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on JRTbythisisu.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.


  • 0

#7
ztastorm

ztastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts
 
Zoek.exe v5.0.0.0 Updated 16-07-2014
Tool run by Stephen on Sat 07/19/2014 at 12:22:08.85.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Stephen\Downloads\zoek (3).exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
7/19/2014 12:23:32 PM Zoek.exe System Restore Point Created Succesfully.
 
==== VirusTotal Scan ======================
 
C:\Users\Stephen\AppData\Roaming\wklnhst.dat https://www.virustot...2B855/analysis/
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2A1412FA-E464-43E8-9298-0C4122B5DDDE} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\SearchScopes\{19743005-1817-4106-A57E-43D0A032E54B} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7F9398D8-2CF6-44E0-B4D6-5B5EB17B1B0E} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\SearchScopes\{F3B7318D-8501-4CF4-A89F-C79AAB5D3506} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26D675AC-D925-4BBF-A720-62C2AA4A81EB} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26D675AC-D925-4BBF-A720-62C2AA4A81EB} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CBAF391-AD44-3F7E-CD7B-CA52446D5878} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CBAF391-AD44-3F7E-CD7B-CA52446D5878} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8C2D6E15-1B25-4BE8-8A70-E32F0C98CC6D} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8C2D6E15-1B25-4BE8-8A70-E32F0C98CC6D} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{26D675AC-D925-4BBF-A720-62C2AA4A81EB} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{7F6AFBF1-E065-4627-A2FD-810366367D01} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{26D675AC-D925-4BBF-A720-62C2AA4A81EB} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{7f3f960e-a836-45ca-8911-0accb522246e} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{efc335aa-59ec-45b0-b287-739521153d5b} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{0b5130a9-cc50-4ced-99d5-cda8cc12ae48} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110411901188} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{b163d839-6e64-41b8-bd78-49e9a316e2d9} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{1FAFD711-ABF9-4F6A-8130-5166C7371427} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{112BA211-334C-4A90-90EC-2AD1CDAB287C} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744} deleted successfully
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Approved Extensions\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744} deleted successfully
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Approved Extensions\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Classes\Software\Microsoft\Internet Explorer\Approved Extensions\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{3CBAF391-AD44-3F7E-CD7B-CA52446D5878} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{8C2D6E15-1B25-4BE8-8A70-E32F0C98CC6D} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully
HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Mozilla\Firefox\Extensions\[email protected] deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} deleted successfully
 
==== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958)  
Acer Arcade Deluxe  
Acer Arcade Movie  
Acer eRecovery Management  
Acer Games  
Acer Registration  
Acer ScreenSaver  
Acer Updater  
Acrobat.com  
Adobe AIR  
Adobe Flash Player 14 ActiveX  
Adobe Flash Player 14 Plugin  
Adobe Reader 9.1 MUI  
Adobe Reader XI (11.0.07)  
Adobe Shockwave Player 12.0  
Advertising Center  
Apple Application Support  
Apple Mobile Device Support  
Apple Software Update  
Ares 2.1.2  
Bejeweled 2 Deluxe  
Blackhawk Striker 2  
Bob the Builder Can-Do-Zoo  
Bonjour  
Build-a-lot 2  
Canon Easy-WebPrint EX  
Canon IJ Network Scanner Selector EX  
Canon IJ Network Tool  
Canon IJ Scan Utility  
Canon Inkjet Printer/Scanner/Fax Extended Survey Program  
Canon MX450 series MP Drivers  
Canon MX450 series On-screen Manual  
Canon MX450 series User Registration  
Canon My Image Garden  
Canon My Image Garden Design Files  
Canon My Printer  
Canon Quick Menu  
Canon Speed Dial Utility  
Compatibility Pack for the 2007 Office system  
DefaultTab  
DefaultTab Chrome  
Easy Phone Sync  
eBay Worldwide  
Escape Rosecliff Island  
eSobi v2  
Faerie Solitaire  
FATE - The Traitor Soul  
Glary Utilities 2.28.0.1011  
Google Chrome  
Google Earth  
Google Toolbar for Internet Explorer  
Haali Media Splitter  
Hotkey Utility  
Identity Card  
ImagXpress  
InstallConverter bundle uninstaller  
Intel® Graphics Media Accelerator Driver  
Intelr Matrix Storage Manager  
Itibiti RTC  
iTunes  
Java Auto Updater  
Java™ 6 Update 21  
Jewel Quest Solitaire 3  
Junk Mail filter update  
K-Lite Codec Pack 7.0.0 (Standard)  
Learning Lodge Navigator  
Level Quality Watcher  
McAfee Security Scan Plus  
MediaShow Espresso  
Microsoft .NET Framework 4.5.1  
Microsoft Antimalware  
Microsoft Application Error Reporting  
Microsoft Choice Guard  
Microsoft Office 2007 Service Pack 3 (SP3)  
Microsoft Office Access MUI (English) 2007  
Microsoft Office Access Setup Metadata MUI (English) 2007  
Microsoft Office Enterprise 2007  
Microsoft Office Excel MUI (English) 2007  
Microsoft Office Groove MUI (English) 2007  
Microsoft Office Groove Setup Metadata MUI (English) 2007  
Microsoft Office Home and Student 2007  
Microsoft Office InfoPath MUI (English) 2007  
Microsoft Office Live Add-in 1.5  
Microsoft Office Office 64-bit Components 2007  
Microsoft Office OneNote MUI (English) 2007  
Microsoft Office Outlook MUI (English) 2007  
Microsoft Office PowerPoint MUI (English) 2007  
Microsoft Office PowerPoint Viewer 2007 (English)  
Microsoft Office Proof (English) 2007  
Microsoft Office Proof (French) 2007  
Microsoft Office Proof (Spanish) 2007  
Microsoft Office Proofing (English) 2007  
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)  
Microsoft Office Publisher MUI (English) 2007  
Microsoft Office Shared 64-bit MUI (English) 2007  
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007  
Microsoft Office Shared MUI (English) 2007  
Microsoft Office Shared Setup Metadata MUI (English) 2007  
Microsoft Office Suite Activation Assistant  
Microsoft Office Word MUI (English) 2007  
Microsoft Security Essentials  
Microsoft Silverlight  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft Sync Framework Runtime Native v1.0 (x86)  
Microsoft Sync Framework Services Native v1.0 (x86)  
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Works  
MobileMe Control Panel  
Monopoly  
More Games from Acer Games  
MSVCRT  
MSXML 4.0 SP2 (KB954430)  
MSXML 4.0 SP2 (KB973688)  
Mystery P.I. - Lost in Los Angeles  
MyWinLocker Suite  
Nero 9 Essentials  
Nero ControlCenter  
Nero DiscSpeed  
Nero DiscSpeed Help  
Nero DriveSpeed  
Nero DriveSpeed Help  
Nero Express Help  
Nero InfoTool  
Nero InfoTool Help  
Nero Installer  
Nero Online Upgrade  
Nero StartSmart  
Nero StartSmart Help  
Nero StartSmart OEM  
NeroExpress  
neroxml  
Norton Online Backup  
Norton Security Scan  
Penguins  
Plants vs. Zombies  
Polar Bowler  
Polar Golfer  
QuickTime  
Realtek High Definition Audio Driver  
Safari  
Scrabble Plus  
Search Protect  
Security Update for CAPICOM (KB931906)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)  
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition   
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition   
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition   
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition  
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition  
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition   
Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition   
Shopper-Pro  
Shredder  
swMSM  
The Price is Right  
Update for 2007 Microsoft Office System (KB967642)  
Update for Microsoft Office 2007 Help for Common Features (KB963673)  
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition  
Update for Microsoft Office Access 2007 Help (KB963663)  
Update for Microsoft Office Excel 2007 Help (KB963678)  
Update for Microsoft Office Infopath 2007 Help (KB963662)  
Update for Microsoft Office OneNote 2007 Help (KB963670)  
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition  
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition  
Update for Microsoft Office Outlook 2007 Help (KB963677)  
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition  
Update for Microsoft Office Powerpoint 2007 Help (KB963669)  
Update for Microsoft Office Publisher 2007 Help (KB963667)  
Update for Microsoft Office Script Editor Help (KB963671)  
Update for Microsoft Office Word 2007 Help (KB963665)  
ValueApps  
Virtual Families  
Virtual Villagers - A New Home  
Vittalia Installer  
VLC media player 1.1.4  
VTech Download Agent Library  
Websteroids  
Welcome Center  
WinAce Archiver  
Windows Live Call  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Family Safety  
Windows Live ID Sign-in Assistant  
Windows Live Mail  
Windows Live Messenger  
Windows Live Movie Maker  
Windows Live Photo Gallery  
Windows Live Sync  
Windows Live Upload Tool  
Windows Live Writer  
Wizard101  
Yahoo Software Update  
Yahtzee  
Zuma Deluxe  
 
==== Running Processes ======================
 
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Users\Stephen\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Users\Stephen\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\pcreg\pcreg.exe
C:\Program Files (x86)\Yahoo\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Users\Stephen\AppData\Local\Mikogo4\Viewer\Service\M4-Capture.exe
C:\Program Files (x86)\Ares\Ares.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe
C:\Program Files (x86)\Canon\My Image Garden\cnmigmain.exe
C:\Program Files (x86)\ShopperPro\ShopperPro.exe
C:\Users\Stephen\Downloads\zoek (3).exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Stephen\AppData\Local\Temp\virustotal.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==== Services (whitelist) ======================
Powered by E Dev
 
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [DefaultTabUpdate] - DefaultTabUpdate - "C:\Users\Stephen\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe"
R2 - [IJPLMSVC] - Canon Inkjet Printer/Scanner/Fax Extended Survey Program - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
R2 - [MsMpSvc] - Microsoft Antimalware Service - "c:\Program Files\Microsoft Security Essentials\MsMpEng.exe"
R2 - [SPBIUpd] - ShopperPro Update - C:\Program Files\Common Files\ShopperPro\spbiu.exe /service
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R2 - [YahooAUService] - Yahoo! Updater - "C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe"
R3 - [iPod Service] - iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
R3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [dealplylive] - DealPly Live Service (dealplylive) - C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe /svc
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S2 - [SupraSavingsService64] - SupraSavingsService64 - C:\Program Files (x86)\BEDAACA9-0245-4A85-A697-BD5CD3AD04D1\SupraSavingsService64.exe
S2 - [Websteroids] - Websteroids - "C:\ProgramData\Websteroids\up\2.6.80\WebsteroidsService.exe" "C:\ProgramData\Websteroids\up\2.6.80\Websteroids.exe"
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [dealplylivem] - DealPly Live Service (dealplylivem) - C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe /medsvc
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [fsssvc] - Windows Live Family Safety Service - "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe"
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [gusvc] - Google Software Updater - "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
S3 - [McComponentHostService] - McAfee Security Scan Component Host Service - "C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe"
S3 - [Microsoft Office Groove Audit Service] - Microsoft Office Groove Audit Service - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [odserv] - Microsoft Office Diagnostics Service - "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
S3 - [ose] - Office Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S4 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
S4 - [CltMngSvc] - Search Protect Service - C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
S4 - [Greg_Service] - GRegService - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
S4 - [IAANTMON] - Intel® Matrix Storage Event Monitor - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
S4 - [Nero BackItUp Scheduler 4.0] - Nero BackItUp Scheduler 4.0 - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
S4 - [Partner Service] - Partner Service - "C:\ProgramData\Partner\Partner.exe"
S4 - [RichVideo] - Cyberlink RichVideo Service(CRVS) - "C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe"
S4 - [Updater Service] - Updater Service - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
 
==== Deleting Services ======================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Websteroids deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Websteroids deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OutfoxTvService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\OutfoxTvService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcregservice deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\pcregservice deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SupraSavingsService64 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SupraSavingsService64 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CltMngSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DefaultTabSearch deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DefaultTabSearch deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DefaultTabUpdate deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DefaultTabUpdate deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMUpdd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SMUpdd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPBIUpdd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SPBIUpdd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netfilter64 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\netfilter64 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{55685567-4840-4a91-962b-49a412e9485a}w64 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{55685567-4840-4a91-962b-49a412e9485a}w64 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPDRIVER_1.37.1.189 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SPDRIVER_1.37.1.189 deleted successfully
 
==== Registry Fix Code ======================
 
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"mobilegeni daemon"=- 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"pcreg"=- 
"SPDriver"=- 
"SpeetItUpFree"=- 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"DW7"=- 
"fastclean"=- 
"Itibiti.exe"=- 
"NextLive"=- 
"OutfoxTV"=- 
"pcreg"=- 
"SPDriver"=- 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] 
"AppInit_DLLs"="" 
 
==== Registry Fix Code x64 ======================
 
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"pcreg"=- 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] 
"AppInit_DLLs"="" 
 
==== Files Found In C:\ProgramData\374311380 ======================
 
2014-07-01 10:39:34 0 ---ha-w- D41D8CD98F00B204E9800998ECF8427E C:\ProgramData\374311380\BITB47E.tmp
 
==== System Specs ======================
 
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4062 MB
CPU Info: Pentium® Dual-Core  CPU      E6600  @ 3.06GHz
CPU Speed: 3055.7 MHz
Sound Card: Speakers (Realtek High Definiti | 
Realtek Digital Output (Realtek | 
Display Adapters: Intel® G45/G43 Express Chipset | Intel® G45/G43 Express Chipset | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1440 X 900 - 32 bit
Network: Network Present
Network Adapters: 802.11n Wireless PCI Express Card LAN Adapter | Intel® 82567V-2 Gigabit Network Connection
CD / DVD Drives: 1x (D: | ) D: ATAPI   DVD A  DH16AASH
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C:  582.4GB
Hard Disks - Free: C:  483.2GB
Manufacturer *: AMI
BIOS Info: AT/AT COMPATIBLE | 08/16/32 | ACRSYS - 20100324
Time Zone: Eastern Standard Time
Motherboard *: Acer WG43M
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 31.0.1650.63
Internet Explorer Version: 10.0.9200.16721 
Adobe Reader version: 11.0.07.79
Sun Java version: 1.6.0_21 (32-bit) 
Flash Player version: 14.0.0.145
Shockwave Player version: 12.0.4r144
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
2014-07-07 03:18:11 27CDCD2BBCA2FFC770B5AC4D6237D765 119 ----a-w- C:\Windows\Reimage.ini
====== C:\Users\Stephen\AppData\Local\Temp ====
2014-07-07 03:18:28 23881FC2AF0E4B50DE1742954F9B684B 12305104 ----a-w- C:\Users\Stephen\AppData\Local\Temp\ReimagePackage.exe
2014-07-07 03:18:05 0EDBC2B47279C912416387BB6B69AEEC 822008 ----a-w- C:\Users\Stephen\AppData\Local\Temp\ReimageRepair.exe
2014-07-07 03:18:00 9B2952DBA7949AB6C8EB3A705383B74A 383512 ----a-w- C:\Users\Stephen\AppData\Local\Temp\ReimageSetup_new.exe
2014-07-07 03:17:41 2D10A980CC1539C4CA29387E82267B4D 279752 ----a-w- C:\Users\Stephen\AppData\Local\Temp\FLVPlayerSetup.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-07-10 01:08:04 C6A991D7DF17EBD8DE4739CD1F283133 646144 ----a-w- C:\Windows\SysWOW64\osk.exe
2014-07-10 01:08:03 492FF9C530EC0352B3C904CE9898269D 509440 ----a-w- C:\Windows\SysWOW64\qedit.dll
2014-07-10 01:08:01 F95E1E9D97D25C11F29CA34C843A6F4D 247808 ----a-w- C:\Windows\SysWOW64\schannel.dll
2014-07-10 01:08:01 C61DDFE40204F3BE3DF111981D91560E 220160 ----a-w- C:\Windows\SysWOW64\ncrypt.dll
2014-07-10 01:08:01 8BA721F76C97A219599E88722AA48875 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll
2014-07-10 01:08:01 1A0BE0092646F564FAF204E678AF8E03 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll
2014-07-10 01:08:00 E3ECF5FFE3DEDF61DC6877B6A99ACBBF 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll
2014-07-10 01:08:00 C71CC796F0E2E9BD542C87532706FCFE 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll
2014-07-10 01:08:00 6CB2616152ADCDF39F05B08E4858F476 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll
2014-07-10 01:07:53 A0E053D8D97ED0F913D56E6AF21DD26F 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
2014-07-10 01:07:53 230AAF45031E87638CA4053C0399C1E6 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-07-13 17:19:01 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\Sysnative\ExtraInfo.txt
2014-07-12 13:42:16 ED483962115BB818B9E457748677BC46 111957 ----a-w- C:\Windows\Sysnative\ScanResults.xml
2014-07-12 13:35:03 406E76BE63C65E0BF4B263156320254E 464 ----a-w- C:\Windows\Sysnative\ScannerSettings
2014-07-12 13:35:02 27D6C5AD7D32AAF700DB0BA132E58F6E 7312 ----a-w- C:\Windows\Sysnative\SettingsFile
2014-07-10 01:08:16 03282D1ADC4F64D27D697CBB63F972C2 519168 ----a-w- C:\Windows\Sysnative\aepdu.dll
2014-07-10 01:08:15 980394E1FF94E460C4D71C1B098A0B4F 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll
2014-07-10 01:08:05 F1726E14C8F7B40CD828345890AAF764 3157504 ----a-w- C:\Windows\Sysnative\win32k.sys
2014-07-10 01:08:04 A064A1D9CBD7F6959AAEAEAFF96DB2E9 692736 ----a-w- C:\Windows\Sysnative\osk.exe
2014-07-10 01:08:03 D6AFBAA93169E6772565A1BC896D666B 624128 ----a-w- C:\Windows\Sysnative\qedit.dll
2014-07-10 01:08:01 E8E98B3B7A6E1250F4AA7AF8FA17D5BB 340992 ----a-w- C:\Windows\Sysnative\schannel.dll
2014-07-10 01:08:01 E23BA7A7BD97FC6B8AB5EA32A46D05CD 307200 ----a-w- C:\Windows\Sysnative\ncrypt.dll
2014-07-10 01:08:01 BFC98590EAB40C785D6134B1FA818A62 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll
2014-07-10 01:08:01 A805B5E68262302D1A60BE3DED5846C9 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll
2014-07-10 01:08:01 7D1017ED11B7C3B162628069742B5E58 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll
2014-07-10 01:08:01 79EE13A5A406E4603874686B8005DA72 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll
2014-07-10 01:08:00 C9DD5C0D5AF2D7A54BA32E8FBD3B67F1 22016 ----a-w- C:\Windows\Sysnative\credssp.dll
2014-07-10 01:07:53 D4CCE15190269486A5E6D4D4E597F798 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll
====== C:\Windows\Sysnative\drivers =====
2014-07-10 01:08:03 FA886682CFC5D36718D3E436AACF10B9 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys
====== C:\Windows\Tasks ======
2014-07-01 10:41:06 CC30E7D4C4B2EFBAE7B985C8AC63875A 3098 ----a-w- C:\Windows\Sysnative\Tasks\{9D80E247-2979-4C04-95CF-072A744F85C7}
2014-06-27 17:53:33 EE1946484B252C8FDD36D7E36888D766 3254 ----a-w- C:\Windows\Sysnative\Tasks\FF Watcher {9A36B5C1-DECA-411A-B1BE-1B009A049848}
2014-06-27 17:53:33 71B74FBB66CDA62479BC3D29744284DB 286 ----a-w- C:\Windows\Tasks\FF Watcher {9A36B5C1-DECA-411A-B1BE-1B009A049848}.job
2014-06-27 17:52:24 C4D44560BDC5E75733C3FB24C7BC4C86 4508 ----a-w- C:\Windows\Sysnative\Tasks\ShopperPro
2014-06-27 17:52:22 1180A457849ACCED9D7B25D91EAAC64E 3500 ----a-w- C:\Windows\Sysnative\Tasks\SPDriver
2014-06-27 17:52:07 F9B1F3E47C3ECC0DA834F67C3E3DD770 4246 ----a-w- C:\Windows\Sysnative\Tasks\SPBIW_UpdateTask_Time_3833393236393032322d3737555a416c503257344a41
2014-06-27 17:51:54 8D7EE421A5114479A72F57BCF6B7BE99 3576 ----a-w- C:\Windows\Sysnative\Tasks\ShopperProJSUpd
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-06-30 17:58:17 -------- d-----w- C:\Program Files\suprasavings
2014-06-30 17:57:46 -------- d-----w- C:\Program Files\003
2014-06-27 17:53:28 -------- d-----w- C:\Program Files\V-bates
2014-06-27 17:51:59 -------- d-----w- C:\Program Files\Common Files\Goobzo
2014-06-27 17:51:58 -------- d-----w- C:\Program Files\Common Files\ShopperPro
2014-06-24 04:18:53 -------- d-----w- C:\Program Files\PC Optimizer Pro
======= C:\PROGRA~2 =====
2014-06-30 17:59:16 -------- d-----w- C:\PROGRA~2\Java Service Manager
2014-06-30 17:58:32 -------- d-----w- C:\PROGRA~2\BEDAACA9-0245-4A85-A697-BD5CD3AD04D1
2014-06-27 17:55:17 -------- d-----w- C:\PROGRA~2\Xenocode
2014-06-27 17:52:21 -------- d-----w- C:\PROGRA~2\globalUpdate
2014-06-27 17:51:52 -------- d-----w- C:\PROGRA~2\ShopperPro
======= C: =====
2014-06-27 17:53:28 68444E9D77D56E5524C62DB51953C7F3 45 ----a-w- C:\user.js
====== C:\Users\Stephen\AppData\Roaming ======
2014-06-28 17:53:04 -------- d-----w- C:\Users\Stephen\AppData\Locallow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2014-06-28 15:43:24 -------- d-----w- C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
2014-06-27 17:59:00 -------- d-----w- C:\Users\Stephen\AppData\Locallow\{FAECC00E-8025-47C7-94A5-DCC838C392A1}
2014-06-27 17:55:30 -------- d-----w- C:\Users\Stephen\AppData\Local\XboxMB
2014-06-27 17:55:17 -------- d-----w- C:\Users\Stephen\AppData\Local\Xenocode
2014-06-27 17:53:28 -------- d-----w- C:\Users\Stephen\AppData\Locallow\Company
2014-06-27 17:52:21 -------- d-----w- C:\Users\Stephen\AppData\Local\globalUpdate
2014-06-27 17:51:47 -------- d-----w- C:\Users\Stephen\AppData\Local\Installer
2014-06-27 17:51:42 -------- d-----w- C:\Users\Stephen\AppData\Local\CrashRpt
====== C:\Users\Stephen ======
2014-07-14 13:55:23 83B55FB094BC0D0759F36A6F8D34075D 972584 ----a-w- C:\Users\Stephen\Downloads\java_installer.exe
2014-07-09 21:21:45 9A99BC1A8AA1DB16B8647CD05C54FB7A 774568 ----a-w- C:\Users\Stephen\Downloads\setup (15).exe
2014-07-08 13:54:05 ECBF1795BFF0D406C45ACAE56B2C0406 380280 ----a-w- C:\Users\Stephen\Downloads\SoftwareUpdater (1).exe
2014-07-07 03:18:05 83BC1C1BEFFA38CE3754AD48A798465E 227056 ----a-w- C:\Users\Stephen\Downloads\FLVPlayerSetup-N5IhQtyon.exe
2014-07-07 03:17:21 9E94E7BE59DACE0C1D98D45A328DBA26 227072 ----a-w- C:\Users\Stephen\Downloads\FLVPlayerSetup-N0qXyrwRy.exe
2014-07-07 03:01:13 FCD5C23FFDD372A785C995408CE365C4 12643712 ----a-w- C:\Users\Stephen\Downloads\Horizon.Setup.v2.7.9.3 (1).exe
2014-07-07 02:59:15 FCD5C23FFDD372A785C995408CE365C4 12643712 ----a-w- C:\Users\Stephen\Downloads\Horizon.Setup.v2.7.9.3.exe
2014-07-07 02:55:23 8BC057D7697D01D9F057D812942A50E8 937288 ----a-w- C:\Users\Stephen\Downloads\horizon-setup (1).exe
2014-07-01 10:39:34 -------- d-----w- C:\ProgramData\374311380
2014-06-30 20:43:05 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Desktop
2014-06-30 17:59:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Service Manager
2014-06-28 15:43:24 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
2014-06-27 17:52:11 -------- d-----w- C:\ProgramData\SearchModule
2014-06-27 17:52:06 -------- d-----w- C:\ProgramData\ShopperPro
 
====== C: exe-files ==
2014-07-15 21:40:22 CFF1134B153CE79C84D9D7A467BC7BD6 1592208 ----a-w- C:\Users\Stephen\AppData\Local\Mikogo4\Viewer\Service\M4-Capture.exe
2014-07-14 13:55:23 83B55FB094BC0D0759F36A6F8D34075D 972584 ----a-w- C:\Users\Stephen\Downloads\java_installer.exe
=== C: other files ==
2014-07-19 13:12:03 CF37CD4A172AF02C5B2B5A3DAE822C9F 2590268 ----a-w- C:\Users\Stephen\Downloads\Attachments_2014719.zip
2014-07-16 00:53:51 70C7DA470A7FA0C19F30636F90100741 814372 ----a-w- C:\Users\Stephen\Downloads\Attachments_2014715 (3).zip
2014-07-16 00:39:18 B85085A4DA039C5A3A4F7DE12DE46B50 814372 ----a-w- C:\Users\Stephen\Downloads\Attachments_2014715 (2).zip
2014-07-16 00:38:37 035EA968C9FA524D200B40B004C34D2D 2796227 ----a-w- C:\Users\Stephen\Downloads\Attachments_2014715 (1).zip
2014-07-16 00:37:16 79D46802925EA18C8C17B9D465305ED4 1951928 ----a-w- C:\Users\Stephen\Downloads\Attachments_2014715.zip
2014-07-15 03:04:59 1EED6375717090DE3E056B97F1CA0B48 1951928 ----a-w- C:\Users\Stephen\Downloads\Attachments_2014714 (1).zip
2014-07-15 03:04:30 B84866869661BE6DA15EF83C8E124465 2796227 ----a-w- C:\Users\Stephen\Downloads\Attachments_2014714.zip
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ContentExplorer"="C:\Users\Stephen\AppData\Roaming\ContentExplorer\ContentExplorer.exe"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files (x86)\Ares\Ares.exe -h"
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"ContentExplorer"="C:\Users\Stephen\AppData\Roaming\ContentExplorer\ContentExplorer.exe"
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft..../?LinkID=122915 /build:7601"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft..../?LinkID=122915 /build:7601"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"AppleSyncNotifier"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AgentMonitor"="C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"CanonQuickMenu"="C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon"
"IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files (x86)\Ares\Ares.exe -h"
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\Program Files\Microsoft Security Essentials\msseces.exe -hide -runkey"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
 
==== Startup Registry Disabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcadeMovieService]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ArcadeMovieService"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Acer Arcade Deluxe\\Arcade Movie\\ArcadeMovieService.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisTecPMMUpdate]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EgisTecPMMUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\EgisTec IPS\\PmmUpdate.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisUpdate]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EgisUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\EgisTec IPS\\EgisUpdate.exe\" -d"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Global Registration]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Global Registration"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Acer\\Registration\\GREG.exe\" BOOT"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Stephen\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Hotkey Utility]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Hotkey Utility"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Acer\\Hotkey Utility\\HotkeyUtility.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HotKeysCmds"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\hkcmd.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAAnotif]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IAAnotif"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IgfxTray"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxtray.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mcui_exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcui_exe"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe\" /runkey"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MDS_Menu]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MDS_Menu"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Acer Arcade Deluxe\\MediaShow Espresso\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\Acer Arcade Deluxe\\MediaShow Espresso\" UpdateWithCreateOnce \"Software\\CyberLink\\MediaShow Espresso\\5.6\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mwlDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mwlDaemon"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\EgisTec MyWinLocker\\x86\\mwlDaemon.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NortonOnlineBackupReminder]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NortonOnlineBackupReminder"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\Activation\\NobuActivation.exe\" UNATTENDED"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Persistence"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxpers.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SuiteTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SuiteTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\EgisTec MyWinLockerSuite\\x86\\SuiteTray.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swg"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GameConsoleService]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Greg_Service]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gusvc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IAANTMON]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McAfee SiteAdvisor Service]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McMPFSvc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\mcmscsvc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McNaiAnn]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McNASvc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McODS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McOobeSv]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McProxy]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\mfefire]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MSK80Service]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MWLService]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Nero BackItUp Scheduler 4.0]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Partner Service]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RichVideo]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Updater Service]
 
 
==== Startup Folders ======================
 
2013-10-19 14:29:41 1270 ----a-w- C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
2013-12-28 16:07:33 1935 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [07/09/2014 09:48 AM]
C:\Windows\tasks\bench-sys.job --a------ C:\Program Files (x86)\Bench\Updater\updater.exe [01/22/2014 12:12 PM]
C:\Windows\tasks\bench-Updater removing.job --a------ [Undetermined Task]
C:\Windows\tasks\DealPlyLiveUpdateTaskMachineCore.job --a------ C::C:\ProgramC:FilesC:x86\DealPlyLive\Update\DealPlyLive.exe []
C:\Windows\tasks\DealPlyLiveUpdateTaskMachineUA.job --a------ C:z:C:\ProgramC:FilesC:x86\DealPlyLive\Update\DealPlyLive.exe []
C:\Windows\tasks\FF Watcher {9A36B5C1-DECA-411A-B1BE-1B009A049848}.job --a------ C:\Program Files\V-bates\PrefHelper.exe []
C:\Windows\tasks\GlaryInitialize.job --a------ C:\Program Files (x86)\Glary Utilities\initialize.exe [09/09/2010 10:32 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/27/2010 05:42 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/27/2010 05:42 PM]
C:\Windows\tasks\Norton Security Scan for Stephen.job --ah----- C:\PROGRA2\NORTON2\Engine\4031.24\Nss.exe []
C:\Windows\tasks\Speedial.job --a------ C:\Users\Stephen\AppData\Roaming\Speedial\UPDATE1\UPDATE1.exe []
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\bench-sys" [C:\Program Files (x86)\Bench\Updater\updater.exe]
"C:\Windows\SysNative\tasks\DealPlyLiveUpdateTaskMachineCore" [C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe]
"C:\Windows\SysNative\tasks\DealPlyLiveUpdateTaskMachineUA" [C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe]
"C:\Windows\SysNative\tasks\Desk 365 RunAsStdUser" [C:\Program Files (x86)\Desk 365\desk365.exe]
"C:\Windows\SysNative\tasks\FF Watcher {9A36B5C1-DECA-411A-B1BE-1B009A049848}" [C:\Program Files\V-bates\PrefHelper.exe]
"C:\Windows\SysNative\tasks\GlaryInitialize" [C:\Program Files (x86)\Glary Utilities\initialize.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Norton Security Scan for Stephen" [C:\PROGRA~2\NORTON~2\Engine\403~1.24\Nss.exe]
"C:\Windows\SysNative\tasks\pcreg" ["C:\Program Files\pcreg\service.exe"]
"C:\Windows\SysNative\tasks\ShopperPro" [C:\Program Files (x86)\ShopperPro\ShopperPro.exe]
"C:\Windows\SysNative\tasks\ShopperProJSUpd" [C:\Program Files (x86)\ShopperPro\updater.exe]
"C:\Windows\SysNative\tasks\SPBIW_UpdateTask_Time_3833393236393032322d3737555a416c503257344a41" [wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0]
"C:\Windows\SysNative\tasks\SPDriver" [C:\Program Files (x86)\ShopperPro\JSDriver\1.37.1.189\jsdrv.exe]
"C:\Windows\SysNative\tasks\Speedial" [C:\Users\Stephen\AppData\Roaming\Speedial\UPDATE~1\UPDATE~1.EXE]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files (x86)\HBLite\bin\11.0.323.0\firefox\extensions" [11/26/2010 10:20 PM]
 
==== Chrome Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aobbhmkkplckkcbnbcdbkneemiooegoc - C:\Users\Stephen\AppData\Local\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx[]
bakijjialdiiboeaknfpmflphhmljfkd - No path found[]
bopakagnckmlgajfccecajhnimjiiedh - No path found[]
cbjibcbpmbcabnfnohhgjjmkgkimajko - C:\Users\Stephen\AppData\Local\CRE\cbjibcbpmbcabnfnohhgjjmkgkimajko.crx[]
hgiifhjbblnglipdbpdgagphlcbililb - C:\Users\Stephen\AppData\Local\CRE\hgiifhjbblnglipdbpdgagphlcbililb.crx[]
jchggfmbjomomjeheekacpacopnpihjn - C:\Users\Stephen\AppData\Local\CRE\jchggfmbjomomjeheekacpacopnpihjn.crx[10/31/2013 07:57 AM]
kdidombaedgpfiiedeimiebkmbilgmlc - C:\Program Files (x86)\DefaultTab\DefaultTab.crx[12/20/2013 02:46 AM]
kokoiojcgpmpngieemgjkgkaogemflng - C:\Users\Stephen\AppData\Local\CRE\kokoiojcgpmpngieemgjkgkaogemflng.crx[]
lcnnhcneegeeojhgpfijnlnocjdmlaon - C:\ProgramData\ValueApps\CH\ValueApps.crx[01/10/2014 02:19 PM]
mphpbdjcljebbcnfopfngmfdackbbdgf - C:\Program Files (x86)\DealPly\DealPly.crx[]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
aobbhmkkplckkcbnbcdbkneemiooegoc - C:\Users\Stephen\AppData\Local\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx[]
bakijjialdiiboeaknfpmflphhmljfkd - No path found[]
cbjibcbpmbcabnfnohhgjjmkgkimajko - C:\Users\Stephen\AppData\Local\CRE\cbjibcbpmbcabnfnohhgjjmkgkimajko.crx[]
hgiifhjbblnglipdbpdgagphlcbililb - C:\Users\Stephen\AppData\Local\CRE\hgiifhjbblnglipdbpdgagphlcbililb.crx[]
jchggfmbjomomjeheekacpacopnpihjn - C:\Users\Stephen\AppData\Local\CRE\jchggfmbjomomjeheekacpacopnpihjn.crx[10/31/2013 07:57 AM]
kokoiojcgpmpngieemgjkgkaogemflng - C:\Users\Stephen\AppData\Local\CRE\kokoiojcgpmpngieemgjkgkaogemflng.crx[]
 
Google Wallet - Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
DefaultTab - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Value apps - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon
 
==== Reset IE Proxy ======================
 
Value(s) before fix:
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000000
 
Value(s) after fix:
"ProxyEnable"=dword:00000000
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ValueApps deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on Sat 07/19/2014 at 12:31:42.25 ======================

  • 0

#8
ztastorm

ztastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts

Here's the AdWare log:

# AdwCleaner v3.216 - Report created 19/07/2014 at 12:39:21
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Stephen - STEPHEN-PC
# Running from : C:\Users\Stephen\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : CltMngSvc
[#] Service Deleted : dealplylive
[#] Service Deleted : dealplylivem
[#] Service Deleted : DefaultTabSearch
[#] Service Deleted : DefaultTabUpdate
[#] Service Deleted : hlnfd
[#] Service Deleted : Partner Service
[#] Service Deleted : SMUpdd
Service Deleted : SPBIUpd
[#] Service Deleted : SPBIUpdd
[#] Service Deleted : SupraSavingsService64
[#] Service Deleted : Websteroids
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
Folder Deleted : C:\ProgramData\374311380 
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\DealPlyLive
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\HBLiteSA
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\SearchModule
Folder Deleted : C:\ProgramData\ShopperPro
Folder Deleted : C:\ProgramData\TubeDimmer
Folder Deleted : C:\ProgramData\ValueApps
Folder Deleted : C:\ProgramData\Websteroids
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar
Folder Deleted : C:\Program Files (x86)\BearShare Applications
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DefaultTab
Folder Deleted : C:\Program Files (x86)\Desk 365
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\HBLite
Folder Deleted : C:\Program Files (x86)\IminentToolbar
Folder Deleted : C:\Program Files (x86)\Level Quality Watcher
Folder Deleted : C:\Program Files (x86)\MediaPlayerV1
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\ShopperPro
Folder Deleted : C:\Program Files (x86)\WinZipper
Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Program Files\PC Optimizer Pro
Folder Deleted : C:\Program Files\pcreg
Folder Deleted : C:\Program Files\SupraSavings
Folder Deleted : C:\Program Files\V-bates
Folder Deleted : C:\Users\Public\util
Folder Deleted : C:\Users\Stephen\AppData\Local\Browsersafeguard
Folder Deleted : C:\Users\Stephen\AppData\Local\Conduit
Folder Deleted : C:\Users\Stephen\AppData\Local\DealPlyLive
Folder Deleted : C:\Users\Stephen\AppData\Local\genienext
Folder Deleted : C:\Users\Stephen\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Stephen\AppData\Local\iac
Folder Deleted : C:\Users\Stephen\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Stephen\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Stephen\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Stephen\AppData\Local\visi_coupon
Folder Deleted : C:\Users\Stephen\AppData\Local\Websteroids
Folder Deleted : C:\Users\Stephen\AppData\Local\WordLayers
Folder Deleted : C:\Users\Stephen\AppData\Local\Temp\Desk365
Folder Deleted : C:\Users\Stephen\AppData\Local\Temp\NativeMessaging
Folder Deleted : C:\Users\Stephen\AppData\Local\Temp\webget
Folder Deleted : C:\Users\Stephen\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Stephen\AppData\LocalLow\Doko-Toolbar
Folder Deleted : C:\Users\Stephen\AppData\LocalLow\Minibar
Folder Deleted : C:\Users\Stephen\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Stephen\AppData\Roaming\DealPly
Folder Deleted : C:\Users\Stephen\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\Stephen\AppData\Roaming\Desk 365
Folder Deleted : C:\Users\Stephen\AppData\Roaming\digitalsite
Folder Deleted : C:\Users\Stephen\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Stephen\AppData\Roaming\HBLite
Folder Deleted : C:\Users\Stephen\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
Folder Deleted : C:\Users\Stephen\AppData\Roaming\IminentToolbar
Folder Deleted : C:\Users\Stephen\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Stephen\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Deleted : C:\Users\Stephen\Desktop\Documents\Optimizer Pro
Folder Deleted : C:\Users\Stephen\Desktop\Documents\PC Speed Maximizer
File Deleted : C:\END
File Deleted : C:\Users\Stacey\Desktop\YouTube Accelerator.lnk
File Deleted : C:\Users\Stephen\daemonprocess.txt
File Deleted : C:\Users\Stephen\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Stephen\AppData\Local\Temp\uninstaller.exe
File Deleted : C:\Users\Stephen\AppData\LocalLow\SkwConfig.bin
File Deleted : C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.lnk
File Deleted : C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Search.lnk
File Deleted : C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Youtube.lnk
File Deleted : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.iminent.com_0.localstorage
File Deleted : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.iminent.com_0.localstorage-journal
File Deleted : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Windows\Tasks\bench-sys.job
File Deleted : C:\Windows\System32\Tasks\bench-sys
File Deleted : C:\Windows\Tasks\bench-Updater removing.job
File Deleted : C:\Windows\System32\Tasks\bench-Updater removing
File Deleted : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
File Deleted : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
File Deleted : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
File Deleted : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
File Deleted : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
File Deleted : C:\Windows\System32\Tasks\ShopperPro
File Deleted : C:\Windows\System32\Tasks\ShopperProJSUpd
File Deleted : C:\Windows\System32\Tasks\SPDriver
File Deleted : C:\Windows\Tasks\Speedial.job
File Deleted : C:\Windows\System32\Tasks\Speedial
File Deleted : C:\Windows\Tasks\FF Watcher {9A36B5C1-DECA-411A-B1BE-1B009A049848}.job
File Deleted : C:\Windows\System32\Tasks\FF Watcher {9A36B5C1-DECA-411A-B1BE-1B009A049848}
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter bundle uninstaller\InstallConverter bundle uninstaller.lnk
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\hgiifhjbblnglipdbpdgagphlcbililb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hgiifhjbblnglipdbpdgagphlcbililb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AdpeakProxy.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dealplylive.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickCtrl.9
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLive.Update3WebControl.3
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.coreclass
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachine
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclasssvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc
Key Deleted : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\hbliteax.info
Key Deleted : HKLM\SOFTWARE\Classes\hbliteax.info.1
Key Deleted : HKLM\SOFTWARE\Classes\hbliteax.userprofiles
Key Deleted : HKLM\SOFTWARE\Classes\hbliteax.userprofiles.1
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO
Key Deleted : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilwebget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Websteroids_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebsteroidsService_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\aed9dae66fbd10
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3292715
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3294791
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3316068
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F791D8AE-47E8-40A5-A913-EB2D2AF29602}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F63AAEDC-3602-49EF-AA45-262380A98980}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F63AAEDC-3602-49EF-AA45-262380A98980}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0735B993-B879-45A1-9A55-57001C8F2A9D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AB4DA692-F26B-403C-AF8F-FD87D121F8F1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\DealPlyLive
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Doko-Toolbar
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Goobzo
Key Deleted : HKCU\Software\hblitesa
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Savings Bull
Key Deleted : HKCU\Software\AppDataLow\Software\Scorpion Saver
Key Deleted : HKCU\Software\AppDataLow\Software\ScorpionSaver
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\suprasavings
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Adpeak, Inc.
Key Deleted : HKLM\Software\Bench
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\Software\DealPlyLive
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\Doko-Toolbar
Key Deleted : HKLM\Software\Driver-Soft
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\GlobalUpdate
Key Deleted : HKLM\Software\Goobzo
Key Deleted : HKLM\Software\HBLite
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\suprasavings
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\V9
Key Deleted : HKLM\Software\Vittalia
Key Deleted : HKLM\Software\winzipersvc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vittalia
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Websteroids
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\Iminent
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Deleted : [x64] HKLM\SOFTWARE\Savings Bull
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver
Key Deleted : [x64] HKLM\SOFTWARE\Supra Savings
Key Deleted : [x64] HKLM\SOFTWARE\suprasavings
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16720
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Homepage] : hxxp://speedial.com/?f=1&a=spd_dsites03_14_21_ch&cd=2XzuyEtN2Y1L1QzuyBtD0FtC0AtCzztDyE0EyC0A0B0C0A0AtN0D0Tzu0SzzyByEtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyE0D0Czz0BtAyEtG0AtAyB0BtGzzyCyC0DtGzy0EyCzztGyC0E0A0EtCzz0BtBzyyByByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0EzyyDyEtD0D0BtG0EtByC0EtGyD0E0AyCtGtAyC0FyBtGtAzz0D0FyD0CtAtCyC0A0EyE2Q&cr=1910340270&ir=
Deleted [Extension] : bakijjialdiiboeaknfpmflphhmljfkd
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : kdidombaedgpfiiedeimiebkmbilgmlc
Deleted [Extension] : lcnnhcneegeeojhgpfijnlnocjdmlaon
 
*************************
 
AdwCleaner[R0].txt - [39019 octets] - [19/07/2014 12:38:26]
AdwCleaner[S0].txt - [36618 octets] - [19/07/2014 12:39:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [36679 octets] ##########

  • 0

#9
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Looking alot better :thumbsup:

What about the JRT report?
  • 0

#10
ztastorm

ztastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts

aaaand here's the JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Stephen on Sat 07/19/2014 at 12:45:29.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1681374496-981502570-3093737596-1001\Software\sweetim
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Stephen\appdata\locallow\weatherblink"
Successfully deleted: [Folder] "C:\Program Files (x86)\consumer input"
Successfully deleted: [Folder] "C:\Program Files (x86)\linkidoo"
Successfully deleted: [Folder] "C:\Users\Stephen\AppData\Roaming\microsoft\windows\start menu\programs\rivalgaming"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/19/2014 at 12:50:49.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

Advertisements


#11
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

How's your machine now? Logs indicate incredible difference, so please update me about it :)

Now some more general scans to determine if there isn't anything lurking there.


51a612a8b27e2-Zoek.png Scan with ZOEK

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    process;
    services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.
Dont forget to re-enable your previuosly switched-off protection software!


gmericon.png Scan with Gmer

This type of scan often produces false positives. At any point do not take any action for any suspicious entries you may see there. Instead post the log to be analyzed.

Please download GMER by Gmer and save the file to your desktop.
It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on randomly named gmericon.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • It is very important that you do not use your computer while Gmer is running!
  • Gmer will open to the Rootkit/Malware tab and perform an automatic quick scan.
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO!

When the pre-scan is completed, please do the following:

  • Please check in the Quick scan box.
  • Please uncheck the IAT/EAT and Show All.
  • Click Scan.
  • If you see a rootkit warning window click OK.
  • When the scan is finished, Save the results to your desktop as gmer.log.

Please include the content of this file in your next reply.
Don't forget to re-enable previously switched-off protection software!

icon_idea.gif If you encounter any problems, try running GMER in Safe Mode.
icon_idea.gif If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.


  • 0

#12
ztastorm

ztastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts

It's running much quicker!! Thanks so much!!!

 

 
Zoek.exe v5.0.0.0 Updated 19-07-2014
Tool run by Stephen on Sat 07/19/2014 at 15:13:52.22.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Stephen\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2014-07-19-163142.log 59583 bytes
 
==== System Restore Info ======================
 
7/19/2014 3:14:50 PM Zoek.exe System Restore Point Created Succesfully.
 
==== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958)  
Acer Arcade Deluxe  
Acer Arcade Movie  
Acer eRecovery Management  
Acer Games  
Acer Registration  
Acer ScreenSaver  
Acrobat.com  
Adobe AIR  
Adobe Flash Player 14 ActiveX  
Adobe Flash Player 14 Plugin  
Adobe Reader 9.1 MUI  
Adobe Reader XI (11.0.07)  
Adobe Shockwave Player 12.0  
Advertising Center  
Apple Application Support  
Apple Mobile Device Support  
Apple Software Update  
Ares 2.1.2  
Bejeweled 2 Deluxe  
Blackhawk Striker 2  
Bob the Builder Can-Do-Zoo  
Bonjour  
Build-a-lot 2  
Canon Easy-WebPrint EX  
Canon IJ Network Scanner Selector EX  
Canon IJ Network Tool  
Canon IJ Scan Utility  
Canon Inkjet Printer/Scanner/Fax Extended Survey Program  
Canon MX450 series MP Drivers  
Canon MX450 series On-screen Manual  
Canon MX450 series User Registration  
Canon My Image Garden  
Canon My Image Garden Design Files  
Canon My Printer  
Canon Quick Menu  
Canon Speed Dial Utility  
Compatibility Pack for the 2007 Office system  
Easy Phone Sync  
eBay Worldwide  
Escape Rosecliff Island  
eSobi v2  
Faerie Solitaire  
FATE - The Traitor Soul  
Glary Utilities 2.28.0.1011  
Google Chrome  
Google Earth  
Google Toolbar for Internet Explorer  
Haali Media Splitter  
Hotkey Utility  
Identity Card  
ImagXpress  
InstallConverter bundle uninstaller  
Intel® Graphics Media Accelerator Driver  
Intelr Matrix Storage Manager  
Itibiti RTC  
iTunes  
Java™ 6 Update 21  
Jewel Quest Solitaire 3  
Junk Mail filter update  
K-Lite Codec Pack 7.0.0 (Standard)  
Learning Lodge Navigator  
Level Quality Watcher  
McAfee Security Scan Plus  
MediaShow Espresso  
Microsoft .NET Framework 4.5.1  
Microsoft Antimalware  
Microsoft Application Error Reporting  
Microsoft Choice Guard  
Microsoft Office 2007 Service Pack 3 (SP3)  
Microsoft Office Access MUI (English) 2007  
Microsoft Office Access Setup Metadata MUI (English) 2007  
Microsoft Office Enterprise 2007  
Microsoft Office Excel MUI (English) 2007  
Microsoft Office Groove MUI (English) 2007  
Microsoft Office Groove Setup Metadata MUI (English) 2007  
Microsoft Office Home and Student 2007  
Microsoft Office InfoPath MUI (English) 2007  
Microsoft Office Live Add-in 1.5  
Microsoft Office Office 64-bit Components 2007  
Microsoft Office OneNote MUI (English) 2007  
Microsoft Office Outlook MUI (English) 2007  
Microsoft Office PowerPoint MUI (English) 2007  
Microsoft Office PowerPoint Viewer 2007 (English)  
Microsoft Office Proof (English) 2007  
Microsoft Office Proof (French) 2007  
Microsoft Office Proof (Spanish) 2007  
Microsoft Office Proofing (English) 2007  
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)  
Microsoft Office Publisher MUI (English) 2007  
Microsoft Office Shared 64-bit MUI (English) 2007  
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007  
Microsoft Office Shared MUI (English) 2007  
Microsoft Office Shared Setup Metadata MUI (English) 2007  
Microsoft Office Suite Activation Assistant  
Microsoft Office Word MUI (English) 2007  
Microsoft Security Essentials  
Microsoft Silverlight  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft Sync Framework Runtime Native v1.0 (x86)  
Microsoft Sync Framework Services Native v1.0 (x86)  
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Works  
MobileMe Control Panel  
Monopoly  
More Games from Acer Games  
MSVCRT  
MSXML 4.0 SP2 (KB954430)  
MSXML 4.0 SP2 (KB973688)  
Mystery P.I. - Lost in Los Angeles  
MyWinLocker Suite  
Nero 9 Essentials  
Nero ControlCenter  
Nero DiscSpeed  
Nero DiscSpeed Help  
Nero DriveSpeed  
Nero DriveSpeed Help  
Nero Express Help  
Nero InfoTool  
Nero InfoTool Help  
Nero Installer  
Nero Online Upgrade  
Nero StartSmart  
Nero StartSmart Help  
Nero StartSmart OEM  
NeroExpress  
neroxml  
Norton Online Backup  
Norton Security Scan  
Penguins  
Plants vs. Zombies  
Polar Bowler  
Polar Golfer  
QuickTime  
Realtek High Definition Audio Driver  
Safari  
Scrabble Plus  
Security Update for CAPICOM (KB931906)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)  
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition   
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition   
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition   
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition  
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition  
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition   
Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition   
Shredder  
swMSM  
The Price is Right  
Update for 2007 Microsoft Office System (KB967642)  
Update for Microsoft Office 2007 Help for Common Features (KB963673)  
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition  
Update for Microsoft Office Access 2007 Help (KB963663)  
Update for Microsoft Office Excel 2007 Help (KB963678)  
Update for Microsoft Office Infopath 2007 Help (KB963662)  
Update for Microsoft Office OneNote 2007 Help (KB963670)  
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition  
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition  
Update for Microsoft Office Outlook 2007 Help (KB963677)  
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition  
Update for Microsoft Office Powerpoint 2007 Help (KB963669)  
Update for Microsoft Office Publisher 2007 Help (KB963667)  
Update for Microsoft Office Script Editor Help (KB963671)  
Update for Microsoft Office Word 2007 Help (KB963665)  
Virtual Families  
Virtual Villagers - A New Home  
VLC media player 1.1.4  
VTech Download Agent Library  
Welcome Center  
WinAce Archiver  
Windows Live Call  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Family Safety  
Windows Live ID Sign-in Assistant  
Windows Live Mail  
Windows Live Messenger  
Windows Live Movie Maker  
Windows Live Photo Gallery  
Windows Live Sync  
Windows Live Upload Tool  
Windows Live Writer  
Wizard101  
Yahoo Software Update  
Yahtzee  
Zuma Deluxe  
 
==== Running Processes ======================
 
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Users\Stephen\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Yahoo\SoftwareUpdate\YahooAUService.exe
C:\Users\Stephen\AppData\Local\Mikogo4\Viewer\Service\M4-Capture.exe
C:\Program Files (x86)\Ares\Ares.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe
C:\Program Files (x86)\Canon\My Image Garden\cnmigmain.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Stephen\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
 
==== Services (whitelist) ======================
Powered by E Dev
 
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [IJPLMSVC] - Canon Inkjet Printer/Scanner/Fax Extended Survey Program - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
R2 - [MsMpSvc] - Microsoft Antimalware Service - "c:\Program Files\Microsoft Security Essentials\MsMpEng.exe"
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R2 - [YahooAUService] - Yahoo! Updater - "C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe"
R3 - [iPod Service] - iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
R3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [fsssvc] - Windows Live Family Safety Service - "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe"
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [gusvc] - Google Software Updater - "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
S3 - [McComponentHostService] - McAfee Security Scan Component Host Service - "C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe"
S3 - [Microsoft Office Groove Audit Service] - Microsoft Office Groove Audit Service - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [odserv] - Microsoft Office Diagnostics Service - "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
S3 - [ose] - Office Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S4 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
S4 - [Greg_Service] - GRegService - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
S4 - [IAANTMON] - Intel® Matrix Storage Event Monitor - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
S4 - [Nero BackItUp Scheduler 4.0] - Nero BackItUp Scheduler 4.0 - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
S4 - [RichVideo] - Cyberlink RichVideo Service(CRVS) - "C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe"
S4 - [Updater Service] - Updater Service - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
 
==== System Specs ======================
 
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4062 MB
CPU Info: Pentium® Dual-Core  CPU      E6600  @ 3.06GHz
CPU Speed: 3056.5 MHz
Sound Card: Speakers (Realtek High Definiti | 
Realtek Digital Output (Realtek | 
Display Adapters: Intel® G45/G43 Express Chipset | Intel® G45/G43 Express Chipset | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1440 X 900 - 32 bit
Network: Network Present
Network Adapters: 802.11n Wireless PCI Express Card LAN Adapter | Intel® 82567V-2 Gigabit Network Connection
CD / DVD Drives: 1x (D: | ) D: ATAPI   DVD A  DH16AASH
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C:  582.4GB
Hard Disks - Free: C:  482.7GB
Manufacturer *: AMI
BIOS Info: AT/AT COMPATIBLE | 08/16/32 | ACRSYS - 20100324
Time Zone: Eastern Standard Time
Motherboard *: Acer WG43M
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 31.0.1650.63
Internet Explorer Version: 10.0.9200.16721 
Adobe Reader version: 11.0.07.79
Sun Java version: 1.6.0_21 (32-bit) 
Flash Player version: 14.0.0.145
Shockwave Player version: 12.0.4r144
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
2014-07-07 03:18:11 27CDCD2BBCA2FFC770B5AC4D6237D765 119 ----a-w- C:\Windows\Reimage.ini
====== C:\Users\Stephen\AppData\Local\Temp ====
2014-07-19 16:45:18 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Stephen\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-07-07 03:18:28 23881FC2AF0E4B50DE1742954F9B684B 12305104 ----a-w- C:\Users\Stephen\AppData\Local\Temp\ReimagePackage.exe
2014-07-07 03:18:05 0EDBC2B47279C912416387BB6B69AEEC 822008 ----a-w- C:\Users\Stephen\AppData\Local\Temp\ReimageRepair.exe
2014-07-07 03:18:00 9B2952DBA7949AB6C8EB3A705383B74A 383512 ----a-w- C:\Users\Stephen\AppData\Local\Temp\ReimageSetup_new.exe
2014-07-07 03:17:41 2D10A980CC1539C4CA29387E82267B4D 279752 ----a-w- C:\Users\Stephen\AppData\Local\Temp\FLVPlayerSetup.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-07-19 16:38:51 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\SysWOW64\sqlite3.dll
2014-07-10 01:08:04 C6A991D7DF17EBD8DE4739CD1F283133 646144 ----a-w- C:\Windows\SysWOW64\osk.exe
2014-07-10 01:08:03 492FF9C530EC0352B3C904CE9898269D 509440 ----a-w- C:\Windows\SysWOW64\qedit.dll
2014-07-10 01:08:01 F95E1E9D97D25C11F29CA34C843A6F4D 247808 ----a-w- C:\Windows\SysWOW64\schannel.dll
2014-07-10 01:08:01 C61DDFE40204F3BE3DF111981D91560E 220160 ----a-w- C:\Windows\SysWOW64\ncrypt.dll
2014-07-10 01:08:01 8BA721F76C97A219599E88722AA48875 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll
2014-07-10 01:08:01 1A0BE0092646F564FAF204E678AF8E03 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll
2014-07-10 01:08:00 E3ECF5FFE3DEDF61DC6877B6A99ACBBF 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll
2014-07-10 01:08:00 C71CC796F0E2E9BD542C87532706FCFE 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll
2014-07-10 01:08:00 6CB2616152ADCDF39F05B08E4858F476 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll
2014-07-10 01:07:53 A0E053D8D97ED0F913D56E6AF21DD26F 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
2014-07-10 01:07:53 230AAF45031E87638CA4053C0399C1E6 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-07-13 17:19:01 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\Sysnative\ExtraInfo.txt
2014-07-12 13:42:16 ED483962115BB818B9E457748677BC46 111957 ----a-w- C:\Windows\Sysnative\ScanResults.xml
2014-07-12 13:35:03 406E76BE63C65E0BF4B263156320254E 464 ----a-w- C:\Windows\Sysnative\ScannerSettings
2014-07-12 13:35:02 27D6C5AD7D32AAF700DB0BA132E58F6E 7312 ----a-w- C:\Windows\Sysnative\SettingsFile
2014-07-10 01:08:16 03282D1ADC4F64D27D697CBB63F972C2 519168 ----a-w- C:\Windows\Sysnative\aepdu.dll
2014-07-10 01:08:15 980394E1FF94E460C4D71C1B098A0B4F 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll
2014-07-10 01:08:05 F1726E14C8F7B40CD828345890AAF764 3157504 ----a-w- C:\Windows\Sysnative\win32k.sys
2014-07-10 01:08:04 A064A1D9CBD7F6959AAEAEAFF96DB2E9 692736 ----a-w- C:\Windows\Sysnative\osk.exe
2014-07-10 01:08:03 D6AFBAA93169E6772565A1BC896D666B 624128 ----a-w- C:\Windows\Sysnative\qedit.dll
2014-07-10 01:08:01 E8E98B3B7A6E1250F4AA7AF8FA17D5BB 340992 ----a-w- C:\Windows\Sysnative\schannel.dll
2014-07-10 01:08:01 E23BA7A7BD97FC6B8AB5EA32A46D05CD 307200 ----a-w- C:\Windows\Sysnative\ncrypt.dll
2014-07-10 01:08:01 BFC98590EAB40C785D6134B1FA818A62 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll
2014-07-10 01:08:01 A805B5E68262302D1A60BE3DED5846C9 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll
2014-07-10 01:08:01 7D1017ED11B7C3B162628069742B5E58 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll
2014-07-10 01:08:01 79EE13A5A406E4603874686B8005DA72 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll
2014-07-10 01:08:00 C9DD5C0D5AF2D7A54BA32E8FBD3B67F1 22016 ----a-w- C:\Windows\Sysnative\credssp.dll
2014-07-10 01:07:53 D4CCE15190269486A5E6D4D4E597F798 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll
====== C:\Windows\Sysnative\drivers =====
2014-07-10 01:08:03 FA886682CFC5D36718D3E436AACF10B9 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys
====== C:\Windows\Tasks ======
2014-07-01 10:41:06 CC30E7D4C4B2EFBAE7B985C8AC63875A 3098 ----a-w- C:\Windows\Sysnative\Tasks\{9D80E247-2979-4C04-95CF-072A744F85C7}
2014-06-27 17:52:07 F9B1F3E47C3ECC0DA834F67C3E3DD770 4246 ----a-w- C:\Windows\Sysnative\Tasks\SPBIW_UpdateTask_Time_3833393236393032322d3737555a416c503257344a41
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-06-27 17:51:59 -------- d-----w- C:\Program Files\Common Files\Goobzo
2014-06-27 17:51:58 -------- d-----w- C:\Program Files\Common Files\ShopperPro
======= C:\PROGRA~2 =====
2014-06-30 17:59:16 -------- d-----w- C:\PROGRA~2\Java Service Manager
2014-06-30 17:58:32 -------- d-----w- C:\PROGRA~2\BEDAACA9-0245-4A85-A697-BD5CD3AD04D1
2014-06-27 17:55:17 -------- d-----w- C:\PROGRA~2\Xenocode
======= C: =====
2014-06-27 17:53:28 68444E9D77D56E5524C62DB51953C7F3 45 ----a-w- C:\user.js
====== C:\Users\Stephen\AppData\Roaming ======
2014-06-28 17:53:04 -------- d-----w- C:\Users\Stephen\AppData\Locallow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2014-06-28 15:43:24 -------- d-----w- C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
2014-06-27 17:59:00 -------- d-----w- C:\Users\Stephen\AppData\Locallow\{FAECC00E-8025-47C7-94A5-DCC838C392A1}
2014-06-27 17:55:30 -------- d-----w- C:\Users\Stephen\AppData\Local\XboxMB
2014-06-27 17:55:17 -------- d-----w- C:\Users\Stephen\AppData\Local\Xenocode
2014-06-27 17:53:28 -------- d-----w- C:\Users\Stephen\AppData\Locallow\Company
2014-06-27 17:51:47 -------- d-----w- C:\Users\Stephen\AppData\Local\Installer
2014-06-27 17:51:42 -------- d-----w- C:\Users\Stephen\AppData\Local\CrashRpt
====== C:\Users\Stephen ======
2014-07-19 16:44:51 CA630DBADEB5B6101531F986ADFE46C9 1016261 ----a-w- C:\Users\Stephen\Downloads\JRT.exe
2014-07-19 16:37:43 B653DD91D5D6E519D3357A80A15A5DFB 1354223 ----a-w- C:\Users\Stephen\Downloads\AdwCleaner.exe
2014-07-14 13:55:23 83B55FB094BC0D0759F36A6F8D34075D 972584 ----a-w- C:\Users\Stephen\Downloads\java_installer.exe
2014-07-09 21:21:45 9A99BC1A8AA1DB16B8647CD05C54FB7A 774568 ----a-w- C:\Users\Stephen\Downloads\setup (15).exe
2014-07-08 13:54:05 ECBF1795BFF0D406C45ACAE56B2C0406 380280 ----a-w- C:\Users\Stephen\Downloads\SoftwareUpdater (1).exe
2014-07-07 03:18:05 83BC1C1BEFFA38CE3754AD48A798465E 227056 ----a-w- C:\Users\Stephen\Downloads\FLVPlayerSetup-N5IhQtyon.exe
2014-07-07 03:17:21 9E94E7BE59DACE0C1D98D45A328DBA26 227072 ----a-w- C:\Users\Stephen\Downloads\FLVPlayerSetup-N0qXyrwRy.exe
2014-07-07 03:01:13 FCD5C23FFDD372A785C995408CE365C4 12643712 ----a-w- C:\Users\Stephen\Downloads\Horizon.Setup.v2.7.9.3 (1).exe
2014-07-07 02:59:15 FCD5C23FFDD372A785C995408CE365C4 12643712 ----a-w- C:\Users\Stephen\Downloads\Horizon.Setup.v2.7.9.3.exe
2014-07-07 02:55:23 8BC057D7697D01D9F057D812942A50E8 937288 ----a-w- C:\Users\Stephen\Downloads\horizon-setup (1).exe
2014-06-30 20:43:05 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Desktop
2014-06-30 17:59:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Service Manager
2014-06-28 15:43:24 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oPryzeLP MC360 Mod Tool
 
====== C: exe-files ==
2014-07-19 16:45:18 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Stephen\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-07-19 16:44:51 CA630DBADEB5B6101531F986ADFE46C9 1016261 ----a-w- C:\Users\Stephen\Downloads\JRT.exe
2014-07-19 16:37:43 B653DD91D5D6E519D3357A80A15A5DFB 1354223 ----a-w- C:\Users\Stephen\Downloads\AdwCleaner.exe
2014-07-15 21:40:22 CFF1134B153CE79C84D9D7A467BC7BD6 1592208 ----a-w- C:\Users\Stephen\AppData\Local\Mikogo4\Viewer\Service\M4-Capture.exe
2014-07-14 13:55:23 83B55FB094BC0D0759F36A6F8D34075D 972584 ----a-w- C:\Users\Stephen\Downloads\java_installer.exe
=== C: other files ==
2014-07-19 16:45:16 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\Stephen\AppData\Local\Temp\jrt\TDL4.bat
2014-07-19 16:45:16 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\Stephen\AppData\Local\Temp\jrt\medfos.bat
2014-07-19 16:45:16 A87CD1BAC46CAC0EEEDB571F07077032 8104 ----a-w- C:\Users\Stephen\AppData\Local\Temp\jrt\modules.bat
2014-07-19 16:45:16 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\Stephen\AppData\Local\Temp\jrt\searchlnk.bat
2014-07-19 16:45:16 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\Stephen\AppData\Local\Temp\jrt\firefox.bat
2014-07-19 16:45:16 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\Stephen\AppData\Local\Temp\jrt\ev_clear.bat
2014-07-19 16:45:16 7D8282EB94B5D639B7378811C1924A8F 9516 ----a-w- C:\Users\Stephen\AppData\Local\Temp\jrt\runvalues.bat
2014-07-19 16:45:16 654E9FE74B930A454EE5BDE165794B65 85 ----a-w- C:\Users\Stephen\AppData\Local\Temp\jrt\delorphans.bat
2014-07-19 16:45:16 5B92615B0CEA08D6BA1217C08CBB1443 15919 ----a-w- C:\Users\Stephen\AppData\Local\Temp\jrt\get.bat
2014-07-19 16:45:16 5B71358F97544D9DE58A9A0893079506 39458 ----a-w- C:\Users\Stephen\AppData\Local\Temp\jrt\prelim.bat
2014-07-19 16:45:16 53B191266B30D57F2F835ABBF54C68C5 13963 ----a-w- C:\Users\Stephen\AppData\Local\Temp\jrt\chrome.bat
2014-07-19 16:45:16 3BC04DEBBE9027060D51901133F60101 154678 ----a-w- C:\Users\Stephen\AppData\Local\Temp\jrt\misc.bat
2014-07-19 16:45:16 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\Stephen\AppData\Local\Temp\jrt\ask.bat
2014-07-19 16:45:16 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\Stephen\AppData\Local\Temp\jrt\iexplore.bat
2014-07-19 16:45:16 2F80D807DB405C8F6E0F3706B9FED710 10161 ----a-w- C:\Users\Stephen\AppData\Local\Temp\jrt\JRT.bat
2014-07-19 16:45:16 0D08FBD2E6F6C6AC6A504712C4CE6CE3 1226 ----a-w- C:\Users\Stephen\AppData\Local\Temp\jrt\FWPolicy.bat
2014-07-19 16:45:16 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\Stephen\AppData\Local\Temp\jrt\delfolders.bat
2014-07-19 13:12:03 CF37CD4A172AF02C5B2B5A3DAE822C9F 2590268 ----a-w- C:\Users\Stephen\Downloads\Attachments_2014719.zip
2014-07-16 00:53:51 70C7DA470A7FA0C19F30636F90100741 814372 ----a-w- C:\Users\Stephen\Downloads\Attachments_2014715 (3).zip
2014-07-16 00:39:18 B85085A4DA039C5A3A4F7DE12DE46B50 814372 ----a-w- C:\Users\Stephen\Downloads\Attachments_2014715 (2).zip
2014-07-16 00:38:37 035EA968C9FA524D200B40B004C34D2D 2796227 ----a-w- C:\Users\Stephen\Downloads\Attachments_2014715 (1).zip
2014-07-16 00:37:16 79D46802925EA18C8C17B9D465305ED4 1951928 ----a-w- C:\Users\Stephen\Downloads\Attachments_2014715.zip
2014-07-15 03:04:59 1EED6375717090DE3E056B97F1CA0B48 1951928 ----a-w- C:\Users\Stephen\Downloads\Attachments_2014714 (1).zip
2014-07-15 03:04:30 B84866869661BE6DA15EF83C8E124465 2796227 ----a-w- C:\Users\Stephen\Downloads\Attachments_2014714.zip
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ContentExplorer"="C:\Users\Stephen\AppData\Roaming\ContentExplorer\ContentExplorer.exe"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-21-1681374496-981502570-3093737596-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files (x86)\Ares\Ares.exe -h"
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"ContentExplorer"="C:\Users\Stephen\AppData\Roaming\ContentExplorer\ContentExplorer.exe"
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft..../?LinkID=122915 /build:7601"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft..../?LinkID=122915 /build:7601"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"AppleSyncNotifier"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AgentMonitor"="C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"CanonQuickMenu"="C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon"
"IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files (x86)\Ares\Ares.exe -h"
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\Program Files\Microsoft Security Essentials\msseces.exe -hide -runkey"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
 
==== Startup Registry Disabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcadeMovieService]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ArcadeMovieService"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Acer Arcade Deluxe\\Arcade Movie\\ArcadeMovieService.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisTecPMMUpdate]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EgisTecPMMUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\EgisTec IPS\\PmmUpdate.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisUpdate]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EgisUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\EgisTec IPS\\EgisUpdate.exe\" -d"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Global Registration]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Global Registration"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Acer\\Registration\\GREG.exe\" BOOT"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Stephen\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Hotkey Utility]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Hotkey Utility"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Acer\\Hotkey Utility\\HotkeyUtility.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HotKeysCmds"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\hkcmd.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAAnotif]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IAAnotif"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IgfxTray"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxtray.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mcui_exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcui_exe"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe\" /runkey"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MDS_Menu]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MDS_Menu"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Acer Arcade Deluxe\\MediaShow Espresso\\MUITransfer\\MUIStartMenu.exe\" \"C:\\Program Files (x86)\\Acer Arcade Deluxe\\MediaShow Espresso\" UpdateWithCreateOnce \"Software\\CyberLink\\MediaShow Espresso\\5.6\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mwlDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mwlDaemon"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\EgisTec MyWinLocker\\x86\\mwlDaemon.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NortonOnlineBackupReminder]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NortonOnlineBackupReminder"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\Activation\\NobuActivation.exe\" UNATTENDED"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Persistence"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxpers.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SuiteTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SuiteTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\EgisTec MyWinLockerSuite\\x86\\SuiteTray.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swg"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GameConsoleService]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Greg_Service]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gusvc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IAANTMON]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McAfee SiteAdvisor Service]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McMPFSvc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\mcmscsvc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McNaiAnn]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McNASvc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McODS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McOobeSv]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\McProxy]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\mfefire]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MSK80Service]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MWLService]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Nero BackItUp Scheduler 4.0]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Partner Service]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RichVideo]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Updater Service]
 
 
==== Startup Folders ======================
 
2013-10-19 14:29:41 1270 ----a-w- C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
2013-12-28 16:07:33 1935 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [07/09/2014 09:48 AM]
C:\Windows\tasks\GlaryInitialize.job --a------ C:\Program Files (x86)\Glary Utilities\initialize.exe [09/09/2010 10:32 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/27/2010 05:42 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/27/2010 05:42 PM]
C:\Windows\tasks\Norton Security Scan for Stephen.job --ah----- C:\PROGRA2\NORTON2\Engine\4031.24\Nss.exe []
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\GlaryInitialize" [C:\Program Files (x86)\Glary Utilities\initialize.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Norton Security Scan for Stephen" [C:\PROGRA~2\NORTON~2\Engine\403~1.24\Nss.exe]
"C:\Windows\SysNative\tasks\pcreg" ["C:\Program Files\pcreg\service.exe"]
"C:\Windows\SysNative\tasks\SPBIW_UpdateTask_Time_3833393236393032322d3737555a416c503257344a41" [wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0]
 
==== Chrome Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aobbhmkkplckkcbnbcdbkneemiooegoc - C:\Users\Stephen\AppData\Local\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx[]
cbjibcbpmbcabnfnohhgjjmkgkimajko - C:\Users\Stephen\AppData\Local\CRE\cbjibcbpmbcabnfnohhgjjmkgkimajko.crx[]
jchggfmbjomomjeheekacpacopnpihjn - C:\Users\Stephen\AppData\Local\CRE\jchggfmbjomomjeheekacpacopnpihjn.crx[10/31/2013 07:57 AM]
kokoiojcgpmpngieemgjkgkaogemflng - C:\Users\Stephen\AppData\Local\CRE\kokoiojcgpmpngieemgjkgkaogemflng.crx[]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
aobbhmkkplckkcbnbcdbkneemiooegoc - C:\Users\Stephen\AppData\Local\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx[]
cbjibcbpmbcabnfnohhgjjmkgkimajko - C:\Users\Stephen\AppData\Local\CRE\cbjibcbpmbcabnfnohhgjjmkgkimajko.crx[]
jchggfmbjomomjeheekacpacopnpihjn - C:\Users\Stephen\AppData\Local\CRE\jchggfmbjomomjeheekacpacopnpihjn.crx[10/31/2013 07:57 AM]
kokoiojcgpmpngieemgjkgkaogemflng - C:\Users\Stephen\AppData\Local\CRE\kokoiojcgpmpngieemgjkgkaogemflng.crx[]
 
Google Wallet - Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
DefaultTab - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Value apps - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon
 
==== IE Start and Search Settings ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Secondary Start Pages"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IE10SR"
{160ED137-366E-4A47-A78D-FDB597F08CF5} Yahoo! Search Url="http://us.yhs4.searc...69,0,GC31,7743"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google  Url="http://www.google.co...I7ACAW_enUS399"
{8F3F0499-AC86-4DCD-A4F6-9CD6189C98B6} Bing  Url="http://www.bing.com/...c=IE-SearchBox"
{9930EAB7-EC96-4E5F-87A8-3F0B0179906E} Yahoo  Url="http://search.yahoo....={searchTerms}"
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on Sat 07/19/2014 at 15:18:57.86 ======================

  • 0

#13
ztastorm

ztastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 86 posts

I downloaded and ran gmer and it said it did not detect any system modifications.."Log" was blank...so I'm guessing that's good?! or I did it wrong? lol


  • 0

#14
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)

Don't bother with Gmer. I will deploy later another one tool to be sure.

I am also sorry for the delay on my behalf, but yesterday our forum had a bug which prevented me from reviewing your topic. For now please do the following:


warning.gif Registry Cleaner/System Optimizer Warning

  • Glary Utilities
  • Reimage

I saw this kind of software installed on your machine. I really doubt it will speed up your system, instead (without some Registry knowledge) may do more harm than good. Please read the articles mentioned below:
Microsoft support policy for the use of registry cleaning utilities
Miekiemoes (Microsoft MVP) blog

My advice is to get rid of this program. To do so:

  • Press the WindowsKey.png + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for each one of them, right-click the entry and click Uninstall.

 

 

51a612a8b27e2-Zoek.png Scan with ZOEK

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    autoclean;
    C:\Windows\Reimage.ini;f
    C:\Users\Stephen\AppData\Local\Temp\*;f
    C:\Windows\Sysnative\Tasks\{9D80E247-2979-4C04-95CF-072A744F85C7};f
    C:\Program Files\Common Files\Goobzo;fs
    C:\Program Files\Common Files\ShopperPro;fs
    C:\PROGRA~2\Java Service Manager;fs
    C:\PROGRA~2\BEDAACA9-0245-4A85-A697-BD5CD3AD04D1;fs
    C:\PROGRA~2\Xenocode;fs
    C:\Users\Stephen\AppData\Locallow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A};fs
    C:\Users\Stephen\AppData\Locallow\{FAECC00E-8025-47C7-94A5-DCC838C392A1};fs
    C:\Users\Stephen\AppData\Local\XboxMB;fs
    C:\Users\Stephen\AppData\Local\Xenocode;fs
    C:\Users\Stephen\AppData\Locallow\Company;fs
    C:\Users\Stephen\AppData\Local\Installer;fs
    C:\Users\Stephen\AppData\Local\CrashRpt;fs
    C:\Users\Stephen\Downloads\SoftwareUpdater (1).exe;f
    C:\Users\Stephen\Downloads\java_installer.exe;f
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Service Manager;fs
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run];r
    "ContentExplorer"=-;r
    C:\Users\Stephen\AppData\Roaming\ContentExplorer;fs
    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run];r
    "ContentExplorer"=-;r
    C:\Program Files (x86)\Glary Utilities;fs
    C:\Windows\tasks\GlaryInitialize.job;f
    C:\Windows\SysNative\tasks\GlaryInitialize;f
    C:\Windows\SysNative\tasks\pcreg;f
    C:\Program Files\pcreg;fs
    C:\Windows\SysNative\tasks\SPBIW_UpdateTask_Time_3833393236393032322d3737555a416c503257344a41;f
    C:\ProgramData\ShopperPro;fs
    aobbhmkkplckkcbnbcdbkneemiooegoc;chr
    cbjibcbpmbcabnfnohhgjjmkgkimajko;chr
    jchggfmbjomomjeheekacpacopnpihjn;chr
    kokoiojcgpmpngieemgjkgkaogemflng;chr
    C:\Users\Stephen\AppData\Local\CRE\aobbhmkkplckkcbnbcdbkneemiooegoc.crx;f
    C:\Users\Stephen\AppData\Local\CRE\cbjibcbpmbcabnfnohhgjjmkgkimajko.crx;f
    C:\Users\Stephen\AppData\Local\CRE\jchggfmbjomomjeheekacpacopnpihjn.crx;f
    C:\Users\Stephen\AppData\Local\CRE\kokoiojcgpmpngieemgjkgkaogemflng.crx;f
    lcnnhcneegeeojhgpfijnlnocjdmlaon;chr
    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon;f
    process;
    services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.
Dont forget to re-enable your previuosly switched-off protection software!

 

 

Cheers,

Naat :)


  • 0

#15
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)

 

Still with me?


  • 0






Similar Topics


Also tagged with one or more of these keywords: malware, virus, ValueApps, Shopper-pro

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP