
hao123.com thwarting removal [Solved]


#1 CGTIII
Member, 17 posts

I've tried several tools and tips but Firefox and Firefox only redirects any yahoo.com and only yahoo.com addresses. Thank you in advance for assistance.

OTL logs follow.

OTL logfile created on: 9/23/2014 12:04:29 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dr G 2\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.97 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 58.66% Memory free
5.93 Gb Paging File | 4.38 Gb Available in Paging File | 73.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.37 Gb Total Space | 219.93 Gb Free Space | 77.07% Space Free | Partition Type: NTFS
Drive S: | 116.37 Gb Total Space | 66.57 Gb Free Space | 57.21% Space Free | Partition Type: NTFS
 
Computer Name: DRG2-PC | User Name: Dr G 2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/23 00:02:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dr G 2\Downloads\OTL.exe
PRC - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/25 11:42:20 | 003,242,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014/08/25 11:38:58 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2014/08/25 11:37:18 | 005,188,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014/06/24 03:38:12 | 000,014,256 | ---- | M] () -- C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.52\QvodWebService.exe
PRC - [2013/12/10 04:07:32 | 001,101,152 | ---- | M] (百度在线网络技术(北京)有限公司) -- C:\Program Files (x86)\Common Files\Baidu\BaiduProtect\1.1.0.34\BaiduProtect.exe
PRC - [2012/10/31 16:52:30 | 000,464,256 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012/10/29 21:33:46 | 000,698,752 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/04 03:03:00 | 000,622,592 | ---- | M] (Dental Imaging Technologies Corp.) -- C:\Program Files (x86)\DEXIS\integra.exe
PRC - [2012/04/02 09:37:44 | 000,060,568 | ---- | M] (Henry Schein, Inc.) -- C:\Program Files (x86)\EzDental\WebSyncReminder.exe
PRC - [2012/04/02 09:37:30 | 000,130,200 | ---- | M] (Henry Schein, Inc.) -- C:\Program Files (x86)\EzDental\SystemTray.exe
PRC - [2011/06/08 20:19:24 | 001,583,960 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/10 03:09:35 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\b51470d7e909c4fab01a25fd1e1c42dc\System.Windows.Forms.ni.dll
MOD - [2014/09/10 03:09:27 | 010,061,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9b943fcb3af2101cfb3467161c6ac0ed\System.ni.dll
MOD - [2014/06/24 03:38:12 | 000,014,256 | ---- | M] () -- C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.52\QvodWebService.exe
MOD - [2014/02/27 18:06:24 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/27 18:06:10 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/17 17:50:27 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/06/16 18:54:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/08/18 18:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/08/17 18:40:54 | 000,117,568 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe -- (BPowMon)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/31 18:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/09/18 16:29:28 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/18 16:26:37 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/25 11:42:20 | 003,242,000 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/08/25 11:38:58 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014/07/19 15:29:02 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2014/07/19 15:28:59 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/10 04:07:32 | 001,101,152 | ---- | M] (百度在线网络技术(北京)有限公司) [Auto | Running] -- C:\Program Files (x86)\Common Files\Baidu\BaiduProtect\1.1.0.34\BaiduProtect.exe -- (BDSGRTP)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/10/31 16:52:30 | 000,464,256 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2011/01/11 19:04:04 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe -- (CCALib8)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/06 10:50:04 | 000,123,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/07/21 21:03:12 | 000,244,504 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/07/19 15:29:00 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2014/07/09 08:00:45 | 000,050,464 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014/06/30 12:43:02 | 000,152,344 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/06/17 16:21:34 | 000,235,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/06/17 16:07:12 | 000,328,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/06/17 16:06:58 | 000,269,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014/06/17 16:06:24 | 000,190,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/06/17 16:06:06 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014/01/07 03:47:06 | 000,014,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/12/10 03:53:24 | 000,168,264 | ---- | M] (Baidu) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bd0004.sys -- (bd0004)
DRV:64bit: - [2013/12/10 03:53:24 | 000,104,264 | ---- | M] (Baidu) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bd0001.sys -- (bd0001)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 16:50:14 | 000,018,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/11 19:04:04 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/01/11 19:04:00 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/11/20 09:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 09:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 07:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/08/21 16:50:48 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/05/30 14:07:00 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USSMB/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{162638E4-4D15-40A7-938F-FD6D99F93E72}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{162638E4-4D15-40A7-938F-FD6D99F93E72}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1637667928-3353661172-2275376855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1637667928-3353661172-2275376855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1637667928-3353661172-2275376855-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1637667928-3353661172-2275376855-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1637667928-3353661172-2275376855-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1637667928-3353661172-2275376855-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
IE - HKU\S-1-5-21-1637667928-3353661172-2275376855-1001\..\SearchScopes,DefaultScope =
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/09/18 16:26:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
 
[2011/12/07 11:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr G 2\AppData\Roaming\Mozilla\Extensions
[2014/09/21 13:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dr G 2\AppData\Roaming\Mozilla\Firefox\Profiles\dr039pcw.default-1411311733481\extensions
[2014/09/18 16:26:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/18 16:26:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/09/22 23:34:03 | 000,000,068 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 206.190.57.61 hao123.com
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O2:64bit: - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2:64bit: - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D298} - C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (no name) - {A8502600-B272-4F68-A67B-A0305D46D297} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (F699EAF0-FA02-F7FB-0307-9AF4CF7DE091 Class) - {F699EAF0-FA02-F7FB-0307-9AF4CF7DE091} - C:\Program Files (x86)\QvodPlayer\AddIn\{F699EAF0-FA02-F7FB-0307-9AF4CF7DE091}\QvodAddr.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Defender Pro] C:\Program Files (x86)\Defender Pro\DefenderPro.exe File not found
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-1637667928-3353661172-2275376855-1000..\Run: [SystemTray.exe] C:\Program Files (x86)\EzDental\SystemTray.exe (Henry Schein, Inc.)
O4 - HKU\S-1-5-21-1637667928-3353661172-2275376855-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1637667928-3353661172-2275376855-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Dr G 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Dr G 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1637667928-3353661172-2275376855-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1637667928-3353661172-2275376855-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1637667928-3353661172-2275376855-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1637667928-3353661172-2275376855-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1637667928-3353661172-2275376855-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1637667928-3353661172-2275376855-1001\Software\Policies\Microsoft\Internet Explorer\restrictions present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_51)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11449C88-71CC-4C5C-873E-8FF07D42D75F}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O27 - HKLM IFEO\ehshell.exe: Debugger - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/09/21 11:15:01 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1637667928-3353661172-2275376855-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/22 23:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu
[2014/09/22 23:27:25 | 000,000,000 | --SD | C] -- C:\Users\Dr G 2\Documents\Passwords Database
[2014/09/22 23:27:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/09/21 11:12:41 | 000,000,000 | ---D | C] -- C:\Users\Dr G 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2014/09/21 11:12:41 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2014/09/21 11:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/09/21 11:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/09/21 08:04:10 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/09/20 20:47:55 | 010,280,824 | ---- | C] (SurfRight B.V.) -- C:\Users\Dr G 2\Documents\HitmanPro.exe
[2014/09/20 20:38:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Extensions
[2014/09/20 20:34:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sweetpacks bundle uninstaller_HitmanPro_1967438
[2014/09/20 18:39:53 | 001,027,006 | ---- | C] (Thisisu) -- C:\Users\Dr G 2\Desktop\JRT_NEW.exe
[2014/09/20 18:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\92B36EB2-53CA-4C72-9832-65CCF55DEDB1
[2014/09/20 16:21:30 | 000,000,000 | ---D | C] -- C:\Users\Dr G 2\AppData\Local\LogMeInIgnition
[2014/09/19 19:32:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/09/19 19:25:39 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014/09/19 16:33:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/09/19 16:33:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/09/19 16:33:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/09/19 16:32:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/09/19 16:32:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/09/19 13:04:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Fusion
[2014/09/19 13:04:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\DEXusb_Loader
[2014/09/19 08:07:28 | 000,000,000 | ---D | C] -- C:\Users\Dr G 2\Desktop\Old Firefox Data
[2014/09/19 08:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/09/19 07:49:18 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/09/19 07:41:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/09/19 07:41:26 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/09/19 07:41:19 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/09/19 07:41:19 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/09/19 07:41:19 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/09/19 07:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/09/18 16:26:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/09/17 08:27:12 | 000,000,000 | ---D | C] -- C:\QvodPlayer
[2014/09/16 07:51:15 | 000,168,264 | ---- | C] (Baidu) -- C:\Windows\SysNative\drivers\bd0004.sys
[2014/09/16 07:51:14 | 000,104,264 | ---- | C] (Baidu) -- C:\Windows\SysNative\drivers\bd0001.sys
[2014/09/16 07:51:14 | 000,041,800 | ---- | C] (Baidu) -- C:\Windows\SysNative\bd64_x64.dll
[2014/09/16 07:51:14 | 000,039,056 | ---- | C] (Baidu) -- C:\Windows\SysNative\bd64_x86.dll
[2014/09/16 07:51:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Baidu
[2014/09/16 07:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Baidu
[2014/09/15 14:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\KuaiWan
[2014/09/15 14:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\QvodPlayer
[2014/09/10 03:06:19 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/09/10 03:06:19 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/09/10 03:06:18 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/09/10 03:06:18 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/09/10 03:06:18 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/09/10 03:06:18 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/09/10 03:06:18 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/09/10 03:06:18 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/09/10 03:06:18 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/09/10 03:06:18 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/09/10 03:06:18 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/09/10 03:06:18 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/09/10 03:06:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/09/10 03:06:17 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/09/10 03:06:17 | 000,707,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/09/10 03:06:17 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/09/10 03:06:17 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/09/10 03:06:17 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/09/10 03:06:17 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/09/10 03:06:17 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/09/10 03:06:17 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/09/10 03:06:17 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/09/10 03:06:16 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/09/10 03:06:16 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/09/10 03:06:15 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/09/10 03:06:15 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/09/10 03:06:15 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/09/10 03:06:15 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/09/10 03:06:15 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/09/10 03:06:15 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/09/10 03:06:15 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/09/10 03:06:14 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/09/10 03:06:12 | 005,833,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/09/10 03:06:11 | 002,104,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/09/10 03:06:11 | 002,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/09/10 03:00:39 | 002,777,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014/09/10 03:00:39 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014/09/10 01:50:49 | 001,031,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2014/09/10 01:50:49 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2014/09/10 01:50:36 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/09/10 01:50:18 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/09/09 15:29:06 | 010,036,224 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/09/02 08:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/09/02 08:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/09/02 08:38:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/09/02 08:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/09/02 08:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/08/28 07:27:49 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/22 23:57:48 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/22 23:57:48 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/22 23:49:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/22 23:49:31 | 2388,238,336 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/22 23:34:03 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/09/22 23:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/22 18:29:10 | 000,003,449 | ---- | M] () -- C:\Windows\EZDENTAL.ini
[2014/09/22 17:27:39 | 000,801,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/22 17:27:39 | 000,677,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/22 17:27:39 | 000,127,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/21 13:41:46 | 000,000,480 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2014/09/21 11:15:01 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/09/21 11:12:42 | 000,002,262 | ---- | M] () -- C:\Users\Dr G 2\Desktop\SpyHunter.lnk
[2014/09/21 09:16:59 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/20 20:56:38 | 000,018,180 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014/09/20 20:48:14 | 010,280,824 | ---- | M] (SurfRight B.V.) -- C:\Users\Dr G 2\Documents\HitmanPro.exe
[2014/09/20 01:17:12 | 001,027,006 | ---- | M] (Thisisu) -- C:\Users\Dr G 2\Desktop\JRT_NEW.exe
[2014/09/19 13:04:04 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\DEXIS Imaging Suite.lnk
[2014/09/18 16:29:28 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/09/18 16:29:28 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/09/15 14:06:45 | 000,000,954 | ---- | M] () -- C:\Users\Dr G 2\AppData\Roaming\coreavc.ini
[2014/09/10 03:04:51 | 000,795,476 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/09 15:29:06 | 010,036,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/09/04 11:24:23 | 000,000,000 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxwtu-secure-search.xml
[2014/09/03 08:44:01 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/09/02 08:40:03 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/08/29 08:12:20 | 000,295,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2014/09/21 13:41:44 | 000,000,480 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2014/09/21 11:15:01 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/09/21 11:12:42 | 000,002,262 | ---- | C] () -- C:\Users\Dr G 2\Desktop\SpyHunter.lnk
[2014/09/20 20:56:38 | 000,018,180 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014/09/19 16:33:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/09/19 16:33:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/09/19 16:33:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/09/19 16:33:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/09/19 16:33:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/09/19 13:04:04 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\DEXIS Imaging Suite.lnk
[2014/09/15 14:03:13 | 000,000,954 | ---- | C] () -- C:\Users\Dr G 2\AppData\Roaming\coreavc.ini
[2014/09/02 08:40:03 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/07/09 08:01:41 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxwtu-secure-search.xml
[2013/11/25 10:55:02 | 000,000,288 | ---- | C] () -- C:\Users\Dr G 2\AppData\Roaming\.backup.dm
[2012/08/03 12:32:51 | 000,000,848 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/08/14 09:37:44 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2014/08/14 09:37:44 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2014/07/07 10:37:08 | 000,000,000 | ---D | M] -- C:\Users\Dr G 2\AppData\Roaming\AVG2014
[2014/06/02 18:13:31 | 000,000,000 | ---D | M] -- C:\Users\Dr G 2\AppData\Roaming\Canon
[2014/09/22 23:50:34 | 000,000,000 | ---D | M] -- C:\Users\Dr G 2\AppData\Roaming\Dropbox
[2012/02/29 02:07:57 | 000,000,000 | ---D | M] -- C:\Users\Dr G 2\AppData\Roaming\ESET
[2011/07/23 11:42:47 | 000,000,000 | ---D | M] -- C:\Users\Dr G 2\AppData\Roaming\F-Secure
[2012/05/11 11:02:19 | 000,000,000 | ---D | M] -- C:\Users\Dr G 2\AppData\Roaming\HandBrake
[2012/11/27 09:02:05 | 000,000,000 | ---D | M] -- C:\Users\Dr G 2\AppData\Roaming\IObit
[2011/07/18 21:51:29 | 000,000,000 | ---D | M] -- C:\Users\Dr G 2\AppData\Roaming\OpenOffice.org
[2014/04/15 03:06:03 | 000,000,000 | ---D | M] -- C:\Users\Dr G 2\AppData\Roaming\Oracle
[2014/07/16 10:04:19 | 000,000,000 | ---D | M] -- C:\Users\Dr G 2\AppData\Roaming\PCDr
[2014/07/07 10:36:33 | 000,000,000 | ---D | M] -- C:\Users\Dr G 2\AppData\Roaming\TuneUp Software
[2012/04/04 06:31:14 | 000,000,000 | ---D | M] -- C:\Users\Dr G 2\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========

< End of report >
 

OTL Extras logfile created on: 9/23/2014 12:04:29 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dr G 2\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.97 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 58.66% Memory free
5.93 Gb Paging File | 4.38 Gb Available in Paging File | 73.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.37 Gb Total Space | 219.93 Gb Free Space | 77.07% Space Free | Partition Type: NTFS
Drive S: | 116.37 Gb Total Space | 66.57 Gb Free Space | 57.21% Space Free | Partition Type: NTFS
 
Computer Name: DRG2-PC | User Name: Dr G 2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1637667928-3353661172-2275376855-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D511A6-44E2-4C23-820F-1914D3C1C3BC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{1FCF8600-5EC8-465D-ACDD-086A81C19559}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{216051DE-FF6E-4FAD-A974-4B08715B9B03}" = rport=139 | protocol=6 | dir=out | app=system |
"{29E3FFDE-22F0-4B69-8B48-FD11268D2702}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3A11269B-02EC-453E-AD3A-95BCF3F4F818}" = rport=138 | protocol=17 | dir=out | app=system |
"{485684F8-5F46-40CF-AA55-0035EA3EDEED}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent update |
"{5FD6699C-3696-443F-842C-AB49581CFF52}" = rport=137 | protocol=17 | dir=out | app=system |
"{76C0A48A-0CC5-47CA-A005-07CB39F4F7AE}" = lport=139 | protocol=6 | dir=in | app=system |
"{837F6171-C0DD-4D84-B976-E54015D7143F}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent broadcast |
"{90BAC01D-D89B-4712-9CC8-EEE54AEDE24F}" = rport=445 | protocol=6 | dir=out | app=system |
"{9BD902D1-E2F0-40E5-8ADB-2589748723CE}" = lport=138 | protocol=17 | dir=in | app=system |
"{A1C58057-FEF0-40C9-95A7-5AAC408DC07D}" = lport=445 | protocol=6 | dir=in | app=system |
"{A323512A-C769-4A31-A4D1-C3707AECD2BF}" = lport=137 | protocol=17 | dir=in | app=system |
"{C4F312AC-A8FF-4126-BA83-C7C19CEC806E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F23FF850-0E2F-4144-A8D6-FB93DEA1E130}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F4FA7950-FFAC-44BF-83BA-8E98A2770B5E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02706D12-0DC2-44D6-B81A-309BFBEFE262}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{091ECD5B-E03C-4CDA-9355-1E725148EE0A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{1A78537D-CA8C-421D-8FA5-5C2E2571A843}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1ADFFB38-DA2A-4F0D-B3C2-16AE236CA937}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{236CB5EB-B2AA-4BD4-9D3E-01189B7BB010}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2AC7FCC0-1EBB-4582-AC6C-D231A62660BA}" = dir=out | app=c:\program files (x86)\defender pro\defenderpro.exe |
"{2CA4E252-B0CC-4248-871C-BF2DFEB2F84A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{2CB67C16-3178-4C4D-83A6-456C1865D3CD}" = protocol=6 | dir=in | app=c:\users\dr g 2\appdata\roaming\dropbox\bin\dropbox.exe |
"{302D6A50-6223-40A0-9A33-98879A2A8DE8}" = dir=in | app=c:\program files (x86)\defender pro\antivirusupdater.exe |
"{3B12DFD1-4702-4166-B53F-6B058859861D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{3E880CBB-8CE5-49D3-BE97-DEBC6839D055}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3F05888B-CB5F-4E81-9AA3-0774FDA6FBE9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{43D60CF2-D1A2-43B4-AAD6-DF7E68B4B95B}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{4A907F8C-5A75-4016-9C58-DB697320AFA8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{52D34115-7B38-4839-8819-1D577B98E86C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{641DF6EA-3A7C-4F70-A92F-FEA38FCD393A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6FB8A5D1-80C5-4CE1-B639-07ADA73D3FE1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{7153BDD0-5169-4444-AB5D-770DE8210462}" = protocol=6 | dir=in | app=c:\program files (x86)\qvodplayer\qvodterminal.exe |
"{741319E0-A070-4FFA-865F-A07BC9623237}" = protocol=17 | dir=in | app=c:\program files (x86)\qvodplayer\qvodterminal.exe |
"{85903900-E1B5-4D51-B708-CF39FF3D649C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9B5FB13E-C7D5-4D7F-A79D-6DAA345ADE2D}" = dir=out | app=c:\program files (x86)\defender pro\antivirusupdater.exe |
"{B45C83D3-25CF-4AD4-B925-90648ECE4921}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{B76076FA-E560-4D6B-9F30-0A202C723742}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{B925DB28-FB34-430E-A72C-2A7667EB2C85}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BC081AD9-8189-4C34-91F7-D537BF264D37}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{C6365CBA-80C9-46B3-A7F2-823006CAE157}" = protocol=17 | dir=in | app=c:\users\dr g 2\appdata\roaming\dropbox\bin\dropbox.exe |
"{CE5B4380-30F4-4A27-B41B-F08E2C60BDEA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{E5DE4923-03E0-4D0B-855A-6B591D47A923}" = dir=in | app=c:\program files (x86)\defender pro\defenderpro.exe |
"{EFBDA806-FBFD-4C47-9CCD-D490BFC11183}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
"{F38CFA0C-C8BC-49E2-BA0B-79CED16E9F7C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
"{F56D28B1-D9B4-4D20-B245-FFE9FF9CED45}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{FCB1CE9B-05CA-49AE-8BBD-9249241C8F7D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"TCP Query User{363B6807-8F00-4923-9017-4FABD14B1DD8}C:\program files (x86)\qvodplayer\qvodplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qvodplayer\qvodplayer.exe |
"TCP Query User{7616763A-4079-41A4-8CB2-6B1BFF627454}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{9AA6CDFC-01B2-42DF-BAAE-8D314316453C}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{9BC1B941-80A0-422B-988C-E7685AEDA7E1}C:\users\dr g 2\appdata\local\temp\lmi2f71.tmp\logmein client.exe" = protocol=6 | dir=in | app=c:\users\dr g 2\appdata\local\temp\lmi2f71.tmp\logmein client.exe |
"TCP Query User{A66D5735-164F-449A-9F6A-A73E6410BF4A}C:\users\dr g 2\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\dr g 2\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe |
"UDP Query User{3327E155-6DEE-4F2B-8EAD-3996FD916299}C:\users\dr g 2\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\dr g 2\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe |
"UDP Query User{370EFD54-0ED7-4EEA-A146-4B2E42C8CC5E}C:\users\dr g 2\appdata\local\temp\lmi2f71.tmp\logmein client.exe" = protocol=17 | dir=in | app=c:\users\dr g 2\appdata\local\temp\lmi2f71.tmp\logmein client.exe |
"UDP Query User{7EB318BE-D86B-4390-9155-C1500AFAB1AB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CF010F16-D080-4E19-BDEA-085A653E7C52}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{D7C4724F-45E7-4507-A976-31E8DE0B5EA3}C:\program files (x86)\qvodplayer\qvodplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qvodplayer\qvodplayer.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{11FC30D9-3004-4FCA-912B-AF8CB65AED9C}" = AVG 2014
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{377672F0-6B8A-467D-8DDC-79338BCCD531}" = 64 Bit HP CIO Components Installer
"{42F0FD29-7EB3-4CAA-AF10-BC2619B96D80}" = MrvlUsgTracking64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DB87A63-9420-48CC-9F9A-B8801D38D6B5}" = Broadcom Management Programs
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{77DE5105-D05E-448C-96CB-7FA381903753}" = iTunes
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975DFE7C-8E56-45BC-A329-401E6B1F8102}" = Dell Backup and Recovery Manager
"{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller
"{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}" = SpyHunter
"{B42D82E8-FF97-48BB-91AA-86717B2B6B16}" = AVG 2014
"{BA4DF4C3-196E-4128-969A-00996B5A46F8}" = Canon MP500
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"AVG" = AVG 2014
"PC-Doctor for Windows" = My Dell
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2288BE45-8868-47DD-A501-7F881C9184DD}" = Guru Limited Edition
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 67
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3717C4F2-7412-4793-9BB8-D73D2817B3D6}" = USB Video/Audio Device Driver
"{38ADB9A6-798C-11D6-A855-00105A80791C}" = OKI Network Extension
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57573545-74EB-46D2-B362-AA05364E4ED8}" = LogMeIn
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{852883E4-3718-41D5-8C4F-9B79F6CD631E}" = Microsoft VC++9.0 redistributables
"{8A76A079-64B0-4994-BDEC-48DABD9AC462}" = Microsoft VC++10.0 redistributables
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{984E13B9-1542-4617-A276-118F69BE3F31}" = DEXIS Integrator for Easy Dental
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C3E32441-74EE-48B9-B307-42C2C4B41816}" = Easy Dental 11
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFD0D725-67DC-4971-80A3-6B324DE919F3}" = DEXIS Imaging Suite 10
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F89CB2-D086-43DA-BD78-65A28F2ED8FF}" = Client Bookkeeping Solution 2007.1
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FC0B036E-A11F-4A43-893B-F3049D0A8962}" = DEXIS Sensor Library
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1C72E2-203C-4E95-8D24-735196D29E04}" = HP Install Network Printer Wizard
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"AVG Web TuneUp" = AVG Web TuneUp
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CanonMyPrinter" = Canon My Printer
"CrystalDiskInfo_is1" = CrystalDiskInfo 6.1.12
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 2.2
"EDIdEv (32-bit)" = EDIdEv Framework EDI (32-bit)
"EOS Utility" = Canon Utilities EOS Utility
"HandBrake" = HandBrake 0.9.6
"HP LaserJet P1500 series" = HP LaserJet P1500 series
"InstallShield_{CFD0D725-67DC-4971-80A3-6B324DE919F3}" = DEXIS Imaging Suite 10
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Firefox 32.0.2 (x86 en-US)" = Mozilla Firefox 32.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 2.0" = Canon MP Navigator 2.0
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Smart Defrag 2_is1" = Smart Defrag 2
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1637667928-3353661172-2275376855-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 5.2.0.952
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/21/2014 11:13:20 AM | Computer Name = DrG2-PC | Source = MsiInstaller | ID = 11721
Description =
 
Error - 9/21/2014 1:41:53 PM | Computer Name = DrG2-PC | Source = System Restore | ID = 8193
Description =
 
Error - 9/21/2014 7:00:03 PM | Computer Name = DrG2-PC | Source = Windows Backup | ID = 4103
Description =
 
Error - 9/22/2014 6:08:10 PM | Computer Name = DrG2-PC | Source = Application Hang | ID = 1002
Description = The program CameraWindowCompMC.EXE version 6.1.0.7 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1880    Start
 Time: 01cfd6aba5c879bd    Termination Time: 6    Application Path: C:\Program Files (x86)\Canon\CameraWindow\CameraWindowMC\CameraWindowCompMC.EXE    Report Id: ee268339-42a4-11e4-99de-842b2b912366
 
[ System Events ]
Error - 9/22/2014 6:07:58 PM | Computer Name = DrG2-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
 
Error - 9/22/2014 6:07:58 PM | Computer Name = DrG2-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
 
Error - 9/22/2014 6:07:58 PM | Computer Name = DrG2-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
 
Error - 9/22/2014 6:07:58 PM | Computer Name = DrG2-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
 
Error - 9/22/2014 6:07:58 PM | Computer Name = DrG2-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
 
Error - 9/22/2014 6:07:58 PM | Computer Name = DrG2-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
 
Error - 9/22/2014 6:07:58 PM | Computer Name = DrG2-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
 
Error - 9/22/2014 6:07:58 PM | Computer Name = DrG2-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
 
Error - 9/22/2014 6:36:27 PM | Computer Name = DrG2-PC | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater3.1.0 service failed to start due to the following
 error:   %%2
 
Error - 9/22/2014 11:49:38 PM | Computer Name = DrG2-PC | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater3.1.0 service failed to start due to the following
 error:   %%2
 
< End of report >
 




#2
pystryker (Trusted Helper, Malware Removal, 3,886 posts)
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Program Uninstalls

Please uninstall the following programs from your machine. Iobit products are not recommended here, as these "system care" products can cause more problems than they solve. Iobit has also been caught stealing the intellectual property of other software companies.
  • Advanced System Care 6
  • Smart Defrag 2
Step 2: OTL Fix


Note: Please move OTL.exe from here: C:\Users\Dr G 2\Downloads to your Desktop, it works much better there. :)


Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8: right click and select "Run as Administrator")
  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.
otlrunfix.jpg


:Commands
[createrestorepoint]

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll File not found
FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll File not found
FF - user.js - File not found
O2:64bit: - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D298} - C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll File not found
O2 - BHO: (no name) - {A8502600-B272-4F68-A67B-A0305D46D297} - No CLSID value found.
O2 - BHO: (F699EAF0-FA02-F7FB-0307-9AF4CF7DE091 Class) - {F699EAF0-FA02-F7FB-0307-9AF4CF7DE091} - C:\Program Files (x86)\QvodPlayer\AddIn\{F699EAF0-FA02-F7FB-0307-9AF4CF7DE091}\QvodAddr.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Defender Pro] C:\Program Files (x86)\Defender Pro\DefenderPro.exe File not found
O4 - HKU\S-1-5-21-1637667928-3353661172-2275376855-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
[2014/09/17 08:27:12 | 000,000,000 | ---D | C] -- C:\QvodPlayer

:Files
C:\ProgramData\QvodPlayer
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c
ipconfig /flushdns /c

:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.
If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 3: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleaner2_zps680e0e15.jpg
  • Double click (Vista and 7 users: right click) the adwcleaner.exe file and click Run as Administrator, then accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Step 5: Scan with Farbar's Recovery Scan Tool


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. You will need to download and run the 64-Bit version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

    farbarmainpanel_zps77bf9e25.jpg
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

OTL Fix Log

Junkware Removal Tool Log

AdwCleaner Log

FRST Log

Addition.txt Log


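The symptom in this thread (only Firefox, and only yahoo.com, is redirected) points at a browser-level redirect rather than a DNS one, which is why the fix above touches user.js, the MozillaPlugins keys and the hosts file. The script below is an added example, not code from the thread or from OTL, JRT, AdwCleaner or FRST. It checks the three places such a redirect is usually planted: Firefox user.js / prefs.js routing preferences, a proxy auto-config URL set in those prefs, and live entries in the Windows hosts file. The preference names and the hao123.com domain are real; the sample user.js, the hosts entries, the 198.51.100.7 address and the function names (parse_prefs, suspicious_prefs, suspicious_hosts, triage) are this example's own constructions.

```python
"""Triage of a browser-only redirect like the yahoo.com -> hao123.com one above.

Added example; not code from the thread or from OTL/JRT/AdwCleaner/FRST.
It checks the places such a redirect is usually planted when DNS itself is
clean: Firefox user.js / prefs.js (OTL lists user.js for exactly this reason),
a proxy auto-config URL set in those prefs, and the Windows hosts file
(which OTL's [resethosts] restores). All sample inputs are constructed.
"""
import ipaddress
import re
from typing import Dict, Iterable, List

# Firefox prefs that decide where a typed address, a search or the start
# page goes. A hijacker only needs one of them to point at its portal.
ROUTING_PREFS = {
    "browser.startup.homepage",
    "browser.newtab.url",
    "keyword.URL",
    "browser.search.defaultenginename",   # an engine name, not a URL
    "network.proxy.autoconfig_url",        # PAC file: rewrites every request
}

PREF_RE = re.compile(r'^\s*(?:user_pref|pref)\("([^"]+)",\s*(.+)\);\s*$')


def parse_prefs(text: str) -> Dict[str, str]:
    """Return {pref name: value} for every user_pref()/pref() line in text."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    return prefs


def _in_domains(host: str, domains: Iterable[str]) -> bool:
    return any(host == d or host.endswith("." + d) for d in domains)


def suspicious_prefs(prefs: Dict[str, str], expected: Iterable[str]) -> List[str]:
    """Routing prefs whose URL host lies outside the domains the user expects.

    Non-URL values (about:home, an engine name such as "Google") are skipped:
    they cannot carry a redirect target on their own.
    """
    hits = []
    for name, value in prefs.items():
        if name not in ROUTING_PREFS or "://" not in value:
            continue
        host = value.lower().split("://", 1)[1].split("/")[0]
        if host and not _in_domains(host, expected):
            hits.append(f"{name} -> {value}")
    return hits


def suspicious_hosts(text: str, watched: Iterable[str]) -> List[str]:
    """Active hosts entries that name a watched domain.

    A stock Windows hosts file contains only comments, so any live mapping
    of a site the user did not add is suspect. A loopback mapping blocks the
    site instead of redirecting it and is reported with that note.
    """
    hits = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        ip, *names = line.split()
        try:
            loopback = ipaddress.ip_address(ip).is_loopback
        except ValueError:
            hits.append(f"unparseable entry: {line}")
            continue
        for name in names:
            if _in_domains(name.lower(), watched):
                note = " (loopback: blocks rather than redirects)" if loopback else ""
                hits.append(f"{name.lower()} -> {ip}{note}")
    return hits


def triage(prefs_text: str, hosts_text: str,
           expected: Iterable[str] = ("yahoo.com", "google.com", "mozilla.org"),
           watched: Iterable[str] = ("yahoo.com",)) -> Dict[str, List[str]]:
    """Run both checks and return the findings keyed by source."""
    return {
        "prefs": suspicious_prefs(parse_prefs(prefs_text), expected),
        "hosts": suspicious_hosts(hosts_text, watched),
    }


# Constructed samples: the pref names are real Firefox prefs, hao123.com is
# the portal from the thread, 198.51.100.7 is a documentation-range address.
SAMPLE_USER_JS = """\
// constructed sample of a dropped user.js
user_pref("browser.startup.homepage", "http://www.hao123.com/?tn=example");
user_pref("keyword.URL", "http://www.hao123.com/s?q=");
user_pref("browser.search.defaultenginename", "Google");
user_pref("network.proxy.type", 2);
user_pref("network.proxy.autoconfig_url", "http://198.51.100.7/proxy.pac");
"""

SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
198.51.100.7    www.yahoo.com search.yahoo.com
"""

if __name__ == "__main__":
    for source, findings in triage(SAMPLE_USER_JS, SAMPLE_HOSTS).items():
        for finding in findings:
            print(f"[{source}] {finding}")
```

On a live machine the user.js and prefs.js live under the profile directory shown in the JRT log (C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\<profile>\) and the hosts file under C:\Windows\System32\drivers\etc\hosts. A clean profile has no user.js at all, so its mere presence is worth a look; a PAC URL in network.proxy.autoconfig_url is the one setting here that can single out one site for rewriting while leaving every other browser untouched.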
#3
CGTIII (Topic Starter, Member, 17 posts)

Thank you again for your help. Progress may be slow from my end as well.  :)

 

I missed the instruction to post logs in separate replies, but will if more are needed.

Hope that doesn't cost you much time.

 

- CT

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qvod.com/QvodShare\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\KuaiWanInsert\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8502600-B272-4F68-A67B-A0305D46D298}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8502600-B272-4F68-A67B-A0305D46D298}\ deleted successfully.
C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend_x64.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8502600-B272-4F68-A67B-A0305D46D297}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8502600-B272-4F68-A67B-A0305D46D297}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F699EAF0-FA02-F7FB-0307-9AF4CF7DE091}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F699EAF0-FA02-F7FB-0307-9AF4CF7DE091}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Defender Pro deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1637667928-3353661172-2275376855-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\QvodPlayer\Playlist folder moved successfully.
C:\QvodPlayer folder moved successfully.
========== FILES ==========
C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.52 folder moved successfully.
C:\ProgramData\QvodPlayer\QvodWebBase folder moved successfully.
C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0 folder moved successfully.
C:\ProgramData\QvodPlayer\QvodExtend folder moved successfully.
C:\ProgramData\QvodPlayer\Playlist folder moved successfully.
C:\ProgramData\QvodPlayer folder moved successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Dr G 2\Desktop\cmd.bat deleted successfully.
C:\Users\Dr G 2\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\Dr G 2\Desktop\cmd.bat deleted successfully.
C:\Users\Dr G 2\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dr G 2\Desktop\cmd.bat deleted successfully.
C:\Users\Dr G 2\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Dr G 2
->Temp folder emptied: 79502794 bytes
->Temporary Internet Files folder emptied: 1016477 bytes
->Java cache emptied: 328941 bytes
->FireFox cache emptied: 100274474 bytes
->Flash cache emptied: 791 bytes
 
User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3252797 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 432264 bytes
 
Total Files Cleaned = 176.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 09242014_010507

Files\Folders moved on Reboot...
C:\Users\Dr G 2\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.0 (09.22.2014:1)
OS: Windows 7 Professional x64
Ran by Dr G 2 on Wed 09/24/2014 at  1:14:46.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu"
Failed to delete: [Folder] "C:\Program Files (x86)\baidu"



~~~ FireFox

Emptied folder: C:\Users\Dr G 2\AppData\Roaming\mozilla\firefox\profiles\dr039pcw.default-1411311733481\minidumps [2 files]



~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/24/2014 at  1:19:24.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

# AdwCleaner v3.310 - Report created 24/09/2014 at 01:25:20
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Dr G 2 - DRG2-PC
# Running from : C:\Users\Dr G 2\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Program Files (x86)\baidu
[!] Folder Deleted : C:\Program Files (x86)\Common Files\baidu

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.2 (x86 en-US)

[ File : C:\Users\Dr G 2\AppData\Roaming\Mozilla\Firefox\Profiles\dr039pcw.default-1411311733481\prefs.js ]


*************************

AdwCleaner[R0].txt - [1785 octets] - [21/09/2014 08:04:25]
AdwCleaner[R1].txt - [1117 octets] - [22/09/2014 23:46:42]
AdwCleaner[R2].txt - [1174 octets] - [24/09/2014 01:23:58]
AdwCleaner[S0].txt - [1892 octets] - [21/09/2014 08:28:45]
AdwCleaner[S1].txt - [1195 octets] - [22/09/2014 23:48:02]
AdwCleaner[S2].txt - [1108 octets] - [24/09/2014 01:25:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1168 octets] ##########
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2014
Ran by Dr G 2 at 2014-09-24 01:36:38
Running from C:\Users\Dr G 2\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4025 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 3.1.0.7 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.02 - Broadcom Corporation)
Broadcom Management Programs (HKLM\...\{5DB87A63-9420-48CC-9F9A-B8801D38D6B5}) (Version: 12.35.01 - Broadcom Corporation)
Canon Camera Access Library (HKLM-x32\...\CAL) (Version: 8.1.1.17 - )
Canon Camera Support Core Library (HKLM-x32\...\CSCLIB) (Version: 7.3.1.6 - )
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC5) (Version: 5.4.5.17 - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.2.0.8 - )
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowMC) (Version: 6.1.0.7 - )
Canon MP Navigator 2.0 (HKLM-x32\...\MP Navigator 2.0) (Version:  - )
Canon MP500 (HKLM\...\{BA4DF4C3-196E-4128-969A-00996B5A46F8}) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 2.4.0.7 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.5.0.5 - )
Canon Utilities Digital Photo Professional 2.2 (HKLM-x32\...\DPP) (Version: 2.2.0.1 - )
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 1.1.0.8 - )
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.18.42 - )
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 5.7.0.74 - )
Client Bookkeeping Solution 2007.1 (HKLM-x32\...\{F4F89CB2-D086-43DA-BD78-65A28F2ED8FF}) (Version: 07.1.9.65 - Thomson Tax & Accounting)
CrystalDiskInfo 6.1.12 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.1.12 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{975DFE7C-8E56-45BC-A329-401E6B1F8102}) (Version: 1.3 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
DEXIS Imaging Suite 10 (HKLM-x32\...\InstallShield_{CFD0D725-67DC-4971-80A3-6B324DE919F3}) (Version: 10.1.1 - DEXIS)
DEXIS Imaging Suite 10 (x32 Version: 10.1.1 - DEXIS) Hidden
DEXIS Integrator for Easy Dental (HKLM-x32\...\{984E13B9-1542-4617-A276-118F69BE3F31}) (Version: 3.0.3 - DEXIS)
DEXIS Sensor Library (HKLM-x32\...\{FC0B036E-A11F-4A43-893B-F3049D0A8962}) (Version: 9.0.3 - DEXIS)
Dropbox (HKCU\...\Dropbox) (Version: 1.4.7 - Dropbox, Inc.)
Easy Dental 11 (HKLM-x32\...\{C3E32441-74EE-48B9-B307-42C2C4B41816}) (Version: 11.0.150.0 i1 - Easy Dental Systems, Inc.)
EDIdEv Framework EDI (32-bit) (HKLM-x32\...\EDIdEv (32-bit)) (Version:  - Edidev)
GoToMeeting 5.2.0.952 (HKCU\...\GoToMeeting) (Version: 5.2.0.952 - CitrixOnline)
Guru Limited Edition (HKLM-x32\...\{2288BE45-8868-47DD-A501-7F881C9184DD}) (Version: 3.0.0.11 - Reality Engineering, Inc.)
HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
HP Install Network Printer Wizard (HKLM-x32\...\{FF1C72E2-203C-4E95-8D24-735196D29E04}) (Version: 8.1.03 - Hewlett-Packard)
HP LaserJet P1500 series (HKLM-x32\...\HP LaserJet P1500 series) (Version:  - )
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1995 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LogMeIn (HKLM-x32\...\{57573545-74EB-46D2-B362-AA05364E4ED8}) (Version: 4.1.1868 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM-x32\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM-x32\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM-x32\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft VC++10.0 redistributables (x32 Version: 1.00.0000 - Dentrix Dental Systems, Inc.) Hidden
Microsoft VC++9.0 redistributables (x32 Version: 1.00.0000 - Dentrix Dental Systems, Inc.) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MrvlUsgTracking (HKLM-x32\...\{A82D052A-0806-42DF-80CD-1730A1AC0ED3}) (Version: 1.0.7 - Marvell)
MrvlUsgTracking64 (HKLM\...\{42F0FD29-7EB3-4CAA-AF10-BC2619B96D80}) (Version: 1.0.1 - Marvell Semiconductor Pvt Ltd)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
OKI Network Extension (HKLM-x32\...\{38ADB9A6-798C-11D6-A855-00105A80791C}) (Version: 1.00.000 - Okidata)
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE 10.3 (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Roxio Creator DE 10.3 (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
SQL Server System CLR Types (HKLM-x32\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
USB Video/Audio Device Driver (HKLM-x32\...\{3717C4F2-7412-4793-9BB8-D73D2817B3D6}) (Version: 1.00.0000 - EETI)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1637667928-3353661172-2275376855-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1637667928-3353661172-2275376855-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\952\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1637667928-3353661172-2275376855-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1637667928-3353661172-2275376855-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1637667928-3353661172-2275376855-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1637667928-3353661172-2275376855-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)

==================== Restore Points  =========================

21-09-2014 15:12:05 Installed SpyHunter
21-09-2014 17:39:43 Installed STOPzilla AntiMalware 6.0
21-09-2014 17:49:16 Removed STOPzilla AntiMalware 6.0
24-09-2014 05:05:30 OTL Restore Point - 9/24/2014 1:05:28 AM

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-09-19 15:47 - 2014-09-24 01:07 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E762992-503B-423E-B820-6F25FA3611BB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {1FC0413D-5CB2-4CC6-AA6E-B25FE133D145} - System32\Tasks\SmartDefrag_Schedule => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
Task: {22E26024-9048-4EE8-9B36-39B9DB38622C} - System32\Tasks\ASC4_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
Task: {33B080CB-824B-403E-ADF2-812BAFCB0824} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {5EF6C2C9-842B-43AE-BAF6-7412FF1E6425} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {72D52FB9-8D09-4261-A9E6-0AC9AB0745FA} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {9A467F02-BF6F-45C4-97B5-622267FA2ECB} - System32\Tasks\Malware Protection 360 => C:\Program Files (x86)\MalwareProtection360\MalwareProtection360\malwareprotection360.exe
Task: {9C8CA0A5-FFC8-44C4-9CC1-53C649F0410F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C89D9CC9-5B18-4FBB-952D-B33E583CA68C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {F28CD4C3-15A8-4D87-810D-497CBDD95FCD} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-09-16 07:51 - 2013-12-10 03:53 - 00426824 _____ () C:\Program Files (x86)\Common Files\Baidu\BaiduProtect\1.1.0.34\bdsg0002.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-01-17 16:19 - 2011-07-17 17:50 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-1637667928-3353661172-2275376855-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-1637667928-3353661172-2275376855-1000\Software\Classes\exefile:  <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^eSync Reminder.lnk => C:\Windows\pss\eSync Reminder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WebSync Reminder.lnk => C:\Windows\pss\WebSync Reminder.lnk.CommonStartup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (09/24/2014 01:26:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater3.1.0 service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-09-22 19:08:13.287
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-22 19:08:13.271
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-22 19:08:13.271
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-22 19:08:13.256
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-22 19:08:13.256
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-22 19:08:13.240
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-19 16:40:24.850
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-19 16:40:24.538
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-22 10:58:09.524
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\F-Secure\Anti-Virus\fsbldrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-22 10:58:09.492
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\F-Secure\Anti-Virus\fsbldrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q8400 @ 2.66GHz
Percentage of memory in use: 42%
Total physical RAM: 3036.8 MB
Available physical RAM: 1759.83 MB
Total Pagefile: 6071.79 MB
Available Pagefile: 4615.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:285.37 GB) (Free:225.09 GB) NTFS
Drive s: () (Network) (Total:116.37 GB) (Free:66.56 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: C648A420)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2014
Ran by Dr G 2 at 2014-09-24 01:36:38
Running from C:\Users\Dr G 2\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4025 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 3.1.0.7 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.02 - Broadcom Corporation)
Broadcom Management Programs (HKLM\...\{5DB87A63-9420-48CC-9F9A-B8801D38D6B5}) (Version: 12.35.01 - Broadcom Corporation)
Canon Camera Access Library (HKLM-x32\...\CAL) (Version: 8.1.1.17 - )
Canon Camera Support Core Library (HKLM-x32\...\CSCLIB) (Version: 7.3.1.6 - )
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC5) (Version: 5.4.5.17 - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.2.0.8 - )
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowMC) (Version: 6.1.0.7 - )
Canon MP Navigator 2.0 (HKLM-x32\...\MP Navigator 2.0) (Version:  - )
Canon MP500 (HKLM\...\{BA4DF4C3-196E-4128-969A-00996B5A46F8}) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 2.4.0.7 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.5.0.5 - )
Canon Utilities Digital Photo Professional 2.2 (HKLM-x32\...\DPP) (Version: 2.2.0.1 - )
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 1.1.0.8 - )
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.18.42 - )
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 5.7.0.74 - )
Client Bookkeeping Solution 2007.1 (HKLM-x32\...\{F4F89CB2-D086-43DA-BD78-65A28F2ED8FF}) (Version: 07.1.9.65 - Thomson Tax & Accounting)
CrystalDiskInfo 6.1.12 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.1.12 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{975DFE7C-8E56-45BC-A329-401E6B1F8102}) (Version: 1.3 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
DEXIS Imaging Suite 10 (HKLM-x32\...\InstallShield_{CFD0D725-67DC-4971-80A3-6B324DE919F3}) (Version: 10.1.1 - DEXIS)
DEXIS Imaging Suite 10 (x32 Version: 10.1.1 - DEXIS) Hidden
DEXIS Integrator for Easy Dental (HKLM-x32\...\{984E13B9-1542-4617-A276-118F69BE3F31}) (Version: 3.0.3 - DEXIS)
DEXIS Sensor Library (HKLM-x32\...\{FC0B036E-A11F-4A43-893B-F3049D0A8962}) (Version: 9.0.3 - DEXIS)
Dropbox (HKCU\...\Dropbox) (Version: 1.4.7 - Dropbox, Inc.)
Easy Dental 11 (HKLM-x32\...\{C3E32441-74EE-48B9-B307-42C2C4B41816}) (Version: 11.0.150.0 i1 - Easy Dental Systems, Inc.)
EDIdEv Framework EDI (32-bit) (HKLM-x32\...\EDIdEv (32-bit)) (Version:  - Edidev)
GoToMeeting 5.2.0.952 (HKCU\...\GoToMeeting) (Version: 5.2.0.952 - CitrixOnline)
Guru Limited Edition (HKLM-x32\...\{2288BE45-8868-47DD-A501-7F881C9184DD}) (Version: 3.0.0.11 - Reality Engineering, Inc.)
HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
HP Install Network Printer Wizard (HKLM-x32\...\{FF1C72E2-203C-4E95-8D24-735196D29E04}) (Version: 8.1.03 - Hewlett-Packard)
HP LaserJet P1500 series (HKLM-x32\...\HP LaserJet P1500 series) (Version:  - )
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1995 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LogMeIn (HKLM-x32\...\{57573545-74EB-46D2-B362-AA05364E4ED8}) (Version: 4.1.1868 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM-x32\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (HKLM-x32\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (HKLM-x32\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft VC++10.0 redistributables (x32 Version: 1.00.0000 - Dentrix Dental Systems, Inc.) Hidden
Microsoft VC++9.0 redistributables (x32 Version: 1.00.0000 - Dentrix Dental Systems, Inc.) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MrvlUsgTracking (HKLM-x32\...\{A82D052A-0806-42DF-80CD-1730A1AC0ED3}) (Version: 1.0.7 - Marvell)
MrvlUsgTracking64 (HKLM\...\{42F0FD29-7EB3-4CAA-AF10-BC2619B96D80}) (Version: 1.0.1 - Marvell Semiconductor Pvt Ltd)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
OKI Network Extension (HKLM-x32\...\{38ADB9A6-798C-11D6-A855-00105A80791C}) (Version: 1.00.000 - Okidata)
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE 10.3 (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Roxio Creator DE 10.3 (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
SQL Server System CLR Types (HKLM-x32\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
USB Video/Audio Device Driver (HKLM-x32\...\{3717C4F2-7412-4793-9BB8-D73D2817B3D6}) (Version: 1.00.0000 - EETI)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1637667928-3353661172-2275376855-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1637667928-3353661172-2275376855-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\952\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1637667928-3353661172-2275376855-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1637667928-3353661172-2275376855-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1637667928-3353661172-2275376855-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1637667928-3353661172-2275376855-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)

==================== Restore Points  =========================

21-09-2014 15:12:05 Installed SpyHunter
21-09-2014 17:39:43 Installed STOPzilla AntiMalware 6.0
21-09-2014 17:49:16 Removed STOPzilla AntiMalware 6.0
24-09-2014 05:05:30 OTL Restore Point - 9/24/2014 1:05:28 AM

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-09-19 15:47 - 2014-09-24 01:07 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E762992-503B-423E-B820-6F25FA3611BB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {1FC0413D-5CB2-4CC6-AA6E-B25FE133D145} - System32\Tasks\SmartDefrag_Schedule => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
Task: {22E26024-9048-4EE8-9B36-39B9DB38622C} - System32\Tasks\ASC4_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
Task: {33B080CB-824B-403E-ADF2-812BAFCB0824} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {5EF6C2C9-842B-43AE-BAF6-7412FF1E6425} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {72D52FB9-8D09-4261-A9E6-0AC9AB0745FA} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {9A467F02-BF6F-45C4-97B5-622267FA2ECB} - System32\Tasks\Malware Protection 360 => C:\Program Files (x86)\MalwareProtection360\MalwareProtection360\malwareprotection360.exe
Task: {9C8CA0A5-FFC8-44C4-9CC1-53C649F0410F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C89D9CC9-5B18-4FBB-952D-B33E583CA68C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {F28CD4C3-15A8-4D87-810D-497CBDD95FCD} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-09-16 07:51 - 2013-12-10 03:53 - 00426824 _____ () C:\Program Files (x86)\Common Files\Baidu\BaiduProtect\1.1.0.34\bdsg0002.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-01-17 16:19 - 2011-07-17 17:50 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-1637667928-3353661172-2275376855-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-1637667928-3353661172-2275376855-1000\Software\Classes\exefile:  <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^eSync Reminder.lnk => C:\Windows\pss\eSync Reminder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WebSync Reminder.lnk => C:\Windows\pss\WebSync Reminder.lnk.CommonStartup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (09/24/2014 01:26:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater3.1.0 service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-09-22 19:08:13.287
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-22 19:08:13.271
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-22 19:08:13.271
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-22 19:08:13.256
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-22 19:08:13.256
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-22 19:08:13.240
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-19 16:40:24.850
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-19 16:40:24.538
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-22 10:58:09.524
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\F-Secure\Anti-Virus\fsbldrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-22 10:58:09.492
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\F-Secure\Anti-Virus\fsbldrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q8400 @ 2.66GHz
Percentage of memory in use: 42%
Total physical RAM: 3036.8 MB
Available physical RAM: 1759.83 MB
Total Pagefile: 6071.79 MB
Available Pagefile: 4615.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:285.37 GB) (Free:225.09 GB) NTFS
Drive s: () (Network) (Total:116.37 GB) (Free:66.56 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: C648A420)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#4 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

Thank you again for your help. Progress may be slow from my end as well. :)

I missed the instruction to post logs in separate replies, but will if more are needed.

Hope that doesn't cost you much time.


You're quite welcome :) No worries on the logs. It looks like you've posted the Addition.txt log twice. We're missing the FRST.txt log. It can be found here: C:\Users\Dr G 2\Desktop

Please post it and we'll continue. :thumbsup:
  • 0

#5 CGTIII (Topic Starter, Member, 17 posts)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014
Ran by Dr G 2 (administrator) on DRG2-PC on 24-09-2014 01:31:18
Running from C:\Users\Dr G 2\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(百度在线网络技术(北京)有限公司) C:\Program Files (x86)\Common Files\Baidu\BaiduProtect\1.1.0.34\BaiduProtect.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corp.) C:\Program Files\Broadcom\BPowMon\BPowMon.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Canon Inc.) C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Henry Schein, Inc.) C:\Program Files (x86)\EzDental\SystemTray.exe
(Dental Imaging Technologies Corp.) C:\Program Files (x86)\DEXIS\integra.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Henry Schein, Inc.) C:\Program Files (x86)\EzDental\WebSyncReminder.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8114720 2009-09-12] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-26] (CANON INC.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-01-11] (LogMeIn, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1637667928-3353661172-2275376855-1000\...\Run: [SystemTray.exe] => C:\Program Files (x86)\EzDental\SystemTray.exe [130200 2012-04-02] (Henry Schein, Inc.)
HKU\S-1-5-18\...\Run: [Advanced SystemCare 6] => "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
IFEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DEXIS Integrator.lnk
ShortcutTarget: DEXIS Integrator.lnk -> C:\Program Files (x86)\DEXIS\integra.exe (Dental Imaging Technologies Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\eSync Reminder.lnk
ShortcutTarget: eSync Reminder.lnk -> C:\Program Files (x86)\EzDental\eSyncReminder.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WebSync Reminder.lnk
ShortcutTarget: WebSync Reminder.lnk -> C:\Program Files (x86)\EzDental\WebSyncReminder.exe (Henry Schein, Inc.)
Startup: C:\Users\Dr G 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Dr G 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: DownloadIcon -> {A8502600-B272-4F68-A67B-A0305D46D298} =>  No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USSMB/1
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Dr G 2\AppData\Roaming\Mozilla\Firefox\Profiles\dr039pcw.default-1411311733481
FF Homepage: hxxp://www.google.com/
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 BDSGRTP; C:\Program Files (x86)\Common Files\Baidu\BaiduProtect\1.1.0.34\BaiduProtect.exe [1101152 2013-12-10] (百度在线网络技术(北京)有限公司)
R2 CCALib8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-07-19] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-07-19] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-01-11] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
S2 vToolbarUpdater3.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-07-09] (AVG Technologies)
R1 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [104264 2013-12-10] (Baidu)
R1 bd0004; C:\Windows\System32\DRIVERS\bd0004.sys [168264 2013-12-10] (Baidu)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 01:31 - 2014-09-24 01:36 - 00014296 _____ () C:\Users\Dr G 2\Desktop\FRST.txt
2014-09-24 01:30 - 2014-09-24 01:31 - 00000000 ____D () C:\FRST
2014-09-24 01:29 - 2014-09-24 01:29 - 02106880 _____ (Farbar) C:\Users\Dr G 2\Desktop\FRST64.exe
2014-09-24 01:26 - 2014-09-24 01:33 - 00000000 ____D () C:\ProgramData\Baidu
2014-09-24 01:22 - 2014-09-24 01:22 - 01373475 _____ () C:\Users\Dr G 2\Desktop\AdwCleaner.exe
2014-09-24 01:19 - 2014-09-24 01:19 - 00000896 _____ () C:\Users\Dr G 2\Desktop\JRT.txt
2014-09-24 01:14 - 2014-09-24 01:13 - 01024790 _____ (Thisisu) C:\Users\Dr G 2\Desktop\JRT(1).exe
2014-09-24 01:13 - 2014-09-24 01:13 - 01024790 _____ (Thisisu) C:\Users\Dr G 2\Downloads\JRT(1).exe
2014-09-24 01:05 - 2014-09-24 01:05 - 00000000 ____D () C:\_OTL
2014-09-23 00:13 - 2014-09-23 00:13 - 00097790 _____ () C:\Users\Dr G 2\Downloads\OTL.Txt
2014-09-23 00:13 - 2014-09-23 00:13 - 00057778 _____ () C:\Users\Dr G 2\Downloads\Extras.Txt
2014-09-23 00:02 - 2014-09-23 00:02 - 00602112 _____ (OldTimer Tools) C:\Users\Dr G 2\Desktop\OTL.exe
2014-09-22 23:44 - 2014-09-22 23:44 - 01373475 _____ () C:\Users\Dr G 2\Downloads\AdwCleaner(1).exe
2014-09-22 23:27 - 2014-09-22 23:27 - 00000000 ___SD () C:\Users\Dr G 2\Documents\Passwords Database
2014-09-21 15:35 - 2014-09-21 15:37 - 193804024 _____ (Kaspersky Lab ZAO) C:\Users\Dr G 2\Downloads\pur13.0.2.558abcdEN_5352.exe
2014-09-21 15:07 - 2014-09-21 15:07 - 19398920 _____ (SUPERAntiSpyware) C:\Users\Dr G 2\Downloads\SUPERAntiSpyware.exe
2014-09-21 14:04 - 2014-09-21 14:05 - 10861216 _____ () C:\Users\Dr G 2\Downloads\defender_pro_free_2014.exe
2014-09-21 13:41 - 2014-09-21 13:41 - 00000480 _____ () C:\Windows\system32\Drivers\kgpcpy.cfg
2014-09-21 13:38 - 2014-09-21 13:39 - 00593488 _____ () C:\Users\Dr G 2\Downloads\STOPzillaASM_Setup.exe
2014-09-21 11:15 - 2014-09-21 11:15 - 00000000 _____ () C:\autoexec.bat
2014-09-21 11:12 - 2014-09-21 11:12 - 00002262 _____ () C:\Users\Dr G 2\Desktop\SpyHunter.lnk
2014-09-21 11:12 - 2014-09-21 11:12 - 00000000 ____D () C:\Users\Dr G 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-09-21 11:12 - 2014-09-21 11:12 - 00000000 ____D () C:\sh4ldr
2014-09-21 11:12 - 2014-09-21 11:12 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-21 11:10 - 2014-09-21 11:10 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Dr G 2\Downloads\SpyHunter-Installer.exe
2014-09-21 08:04 - 2014-09-24 01:25 - 00000000 ____D () C:\AdwCleaner
2014-09-20 20:56 - 2014-09-20 20:56 - 00018180 _____ () C:\Windows\system32\.crusader
2014-09-20 20:49 - 2014-09-20 20:50 - 01876816 _____ (SurfRight B.V.) C:\Users\Dr G 2\Downloads\hmpalert.exe
2014-09-20 20:49 - 2014-09-20 20:49 - 11194928 _____ (SurfRight B.V.) C:\Users\Dr G 2\Downloads\HitmanPro_x64(1).exe
2014-09-20 20:47 - 2014-09-20 20:48 - 10280824 _____ (SurfRight B.V.) C:\Users\Dr G 2\Documents\HitmanPro.exe
2014-09-20 20:38 - 2014-09-20 20:56 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
2014-09-20 20:38 - 2014-09-20 20:38 - 00003280 _____ () C:\Windows\System32\Tasks\Malware Protection 360
2014-09-20 20:34 - 2014-09-20 20:34 - 00000000 ____D () C:\Users\Dr G 2\Downloads\HitmanPro_TSV622G7N
2014-09-20 20:34 - 2014-09-20 20:34 - 00000000 ____D () C:\Program Files (x86)\sweetpacks bundle uninstaller_HitmanPro_1967438
2014-09-20 18:45 - 2014-09-20 18:45 - 00656864 _____ () C:\Users\Dr G 2\Downloads\junkwareremovaltool-setup(2).exe
2014-09-20 18:41 - 2014-09-20 18:41 - 00656864 _____ () C:\Users\Dr G 2\Downloads\junkwareremovaltool-setup(1).exe
2014-09-20 18:38 - 2014-09-20 21:20 - 00000000 ____D () C:\Program Files\92B36EB2-53CA-4C72-9832-65CCF55DEDB1
2014-09-20 18:36 - 2014-09-20 18:36 - 00656864 _____ () C:\Users\Dr G 2\Downloads\junkwareremovaltool-setup.exe
2014-09-20 16:21 - 2014-09-20 16:21 - 00000000 ____D () C:\Users\Dr G 2\AppData\Local\LogMeInIgnition
2014-09-19 19:32 - 2014-09-19 19:32 - 00026224 _____ () C:\ComboFix.txt
2014-09-19 16:33 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-19 16:33 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-19 16:33 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-19 16:33 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-19 16:33 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-19 16:33 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-19 16:33 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-19 16:33 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-19 16:32 - 2014-09-19 19:32 - 00000000 ____D () C:\Qoobox
2014-09-19 16:32 - 2014-09-19 19:30 - 00000000 ____D () C:\Windows\erdnt
2014-09-19 16:31 - 2014-09-19 16:31 - 05578824 ____R (Swearware) C:\Users\Dr G 2\Downloads\ComboFix.exe
2014-09-19 13:04 - 2014-09-19 13:04 - 00001960 _____ () C:\Users\Public\Desktop\DEXIS Imaging Suite.lnk
2014-09-19 13:04 - 2014-09-19 13:04 - 00000000 ____D () C:\Windows\SysWOW64\Fusion
2014-09-19 13:04 - 2014-09-19 13:04 - 00000000 ____D () C:\Windows\SysWOW64\DEXusb_Loader
2014-09-19 08:23 - 2014-09-19 08:23 - 15568184 _____ (Elex do Brasil Participações Ltda) C:\Users\Dr G 2\Downloads\yet_another_cleaner_sk.exe
2014-09-19 08:07 - 2014-09-21 11:02 - 00000000 ____D () C:\Users\Dr G 2\Desktop\Old Firefox Data
2014-09-19 08:01 - 2014-09-20 20:56 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-19 08:00 - 2014-09-19 08:01 - 11194928 _____ (SurfRight B.V.) C:\Users\Dr G 2\Downloads\HitmanPro_x64.exe
2014-09-19 07:49 - 2014-09-20 18:46 - 01016261 _____ (Thisisu) C:\Users\Dr G 2\Downloads\JRT.exe
2014-09-19 07:49 - 2014-09-19 07:49 - 00000000 ____D () C:\Windows\ERUNT
2014-09-19 07:41 - 2014-09-19 07:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-19 07:41 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-19 07:41 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-19 07:41 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-19 07:41 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-19 07:40 - 2014-09-19 07:41 - 00004578 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-19 07:38 - 2014-09-19 07:38 - 00918952 _____ (Oracle Corporation) C:\Users\Dr G 2\Downloads\jxpiinstall(1).exe
2014-09-18 16:30 - 2014-09-18 16:30 - 04991400 _____ (Adobe Systems Inc.) C:\Users\Dr G 2\Downloads\Shockwave_Installer_Slim.exe
2014-09-18 16:26 - 2014-09-18 16:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-18 14:25 - 2014-09-18 14:25 - 01373475 _____ () C:\Users\Dr G 2\Downloads\AdwCleaner.exe
2014-09-16 11:01 - 2014-09-16 11:01 - 00003156 _____ () C:\Windows\System32\Tasks\{B90477C9-EF70-4CF5-816C-5334968AA2A2}
2014-09-16 07:51 - 2014-09-16 07:51 - 00000000 ____D () C:\Program Files (x86)\Baidu
2014-09-16 07:51 - 2013-12-10 03:53 - 00168264 _____ (Baidu) C:\Windows\system32\Drivers\bd0004.sys
2014-09-16 07:51 - 2013-12-10 03:53 - 00104264 _____ (Baidu) C:\Windows\system32\Drivers\bd0001.sys
2014-09-16 07:51 - 2013-12-10 03:53 - 00041800 _____ (Baidu) C:\Windows\system32\bd64_x64.dll
2014-09-16 07:51 - 2013-12-10 03:53 - 00039056 _____ (Baidu) C:\Windows\system32\bd64_x86.dll
2014-09-15 14:03 - 2014-09-15 14:06 - 00000954 _____ () C:\Users\Dr G 2\AppData\Roaming\coreavc.ini
2014-09-15 14:01 - 2014-09-15 14:01 - 00000000 ____D () C:\ProgramData\KuaiWan
2014-09-15 14:00 - 2014-09-15 14:01 - 26727760 _____ (Shenzhen Qvod Technology Co.,Ltd) C:\Users\Dr G 2\Downloads\QvodPlus_5.15.148.0_bd.exe
2014-09-10 03:06 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 03:06 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 03:06 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 03:06 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 03:06 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 03:06 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 03:06 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 03:06 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 03:06 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 03:06 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 03:06 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 03:06 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 03:06 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 03:06 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 03:06 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 03:06 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 03:06 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 03:06 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 03:06 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 03:06 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 03:06 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 03:06 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 03:06 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 03:06 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 03:06 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 03:06 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 03:06 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 03:06 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 03:06 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 03:06 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 03:06 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 03:06 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 03:06 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 03:06 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 03:06 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 03:06 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 03:06 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 03:06 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 03:06 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 03:06 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 03:06 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 03:06 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 03:06 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 03:06 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 03:06 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 03:06 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 03:06 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 03:06 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 03:06 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 03:06 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 03:06 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 03:06 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 03:06 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 03:06 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 03:06 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 03:06 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 03:00 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 03:00 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 01:50 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 01:50 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 01:50 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 01:50 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 01:50 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 01:50 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 01:50 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 01:50 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 01:50 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-02 17:35 - 2014-09-02 17:35 - 11582114 _____ () C:\Users\Dr G 2\Downloads\video-2014-09-02-17-29-42.mp4
2014-09-02 08:40 - 2014-09-02 08:40 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-02 08:40 - 2014-09-02 08:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-02 08:38 - 2014-09-02 08:39 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-02 08:38 - 2014-09-02 08:39 - 00000000 ____D () C:\Program Files\iTunes
2014-09-02 08:38 - 2014-09-02 08:39 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-02 08:38 - 2014-09-02 08:38 - 00000000 ____D () C:\Program Files\iPod
2014-08-28 07:27 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 07:27 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 07:27 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 01:36 - 2014-09-24 01:31 - 00014296 _____ () C:\Users\Dr G 2\Desktop\FRST.txt
2014-09-24 01:33 - 2014-09-24 01:26 - 00000000 ____D () C:\ProgramData\Baidu
2014-09-24 01:31 - 2014-09-24 01:30 - 00000000 ____D () C:\FRST
2014-09-24 01:29 - 2014-09-24 01:29 - 02106880 _____ (Farbar) C:\Users\Dr G 2\Desktop\FRST64.exe
2014-09-24 01:29 - 2012-04-04 08:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-24 01:29 - 2009-07-14 01:10 - 01108290 _____ () C:\Windows\WindowsUpdate.log
2014-09-24 01:28 - 2012-05-25 09:41 - 00000000 ____D () C:\Users\Dr G 2\AppData\Roaming\Dropbox
2014-09-24 01:26 - 2014-01-21 12:24 - 00001006 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-09-24 01:26 - 2014-01-21 12:23 - 00000990 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-09-24 01:26 - 2011-02-23 19:53 - 00317496 _____ () C:\Windows\PFRO.log
2014-09-24 01:26 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-24 01:26 - 2009-07-14 00:51 - 00079273 _____ () C:\Windows\setupact.log
2014-09-24 01:25 - 2014-09-21 08:04 - 00000000 ____D () C:\AdwCleaner
2014-09-24 01:22 - 2014-09-24 01:22 - 01373475 _____ () C:\Users\Dr G 2\Desktop\AdwCleaner.exe
2014-09-24 01:19 - 2014-09-24 01:19 - 00000896 _____ () C:\Users\Dr G 2\Desktop\JRT.txt
2014-09-24 01:16 - 2009-07-14 00:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-24 01:16 - 2009-07-14 00:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-24 01:13 - 2014-09-24 01:14 - 01024790 _____ (Thisisu) C:\Users\Dr G 2\Desktop\JRT(1).exe
2014-09-24 01:13 - 2014-09-24 01:13 - 01024790 _____ (Thisisu) C:\Users\Dr G 2\Downloads\JRT(1).exe
2014-09-24 01:05 - 2014-09-24 01:05 - 00000000 ____D () C:\_OTL
2014-09-24 01:00 - 2012-05-11 10:12 - 00000000 ____D () C:\Users\Dr G 2\AppData\Roaming\Apple Computer
2014-09-24 00:59 - 2011-07-17 17:59 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-09-23 22:29 - 2012-04-04 08:27 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 22:29 - 2012-04-04 08:27 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 22:29 - 2011-10-04 08:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-23 18:59 - 2014-04-16 05:20 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-23 18:23 - 2011-08-19 10:11 - 00003449 _____ () C:\Windows\EZDENTAL.ini
2014-09-23 13:32 - 2012-10-26 18:13 - 00000000 ____D () C:\ProgramData\Danaher_Dental
2014-09-23 10:00 - 2013-05-21 15:17 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-09-23 00:13 - 2014-09-23 00:13 - 00097790 _____ () C:\Users\Dr G 2\Downloads\OTL.Txt
2014-09-23 00:13 - 2014-09-23 00:13 - 00057778 _____ () C:\Users\Dr G 2\Downloads\Extras.Txt
2014-09-23 00:02 - 2014-09-23 00:02 - 00602112 _____ (OldTimer Tools) C:\Users\Dr G 2\Desktop\OTL.exe
2014-09-22 23:44 - 2014-09-22 23:44 - 01373475 _____ () C:\Users\Dr G 2\Downloads\AdwCleaner(1).exe
2014-09-22 23:27 - 2014-09-22 23:27 - 00000000 ___SD () C:\Users\Dr G 2\Documents\Passwords Database
2014-09-22 18:08 - 2011-10-05 17:15 - 00000000 ____D () C:\Users\Dr G 2\AppData\Roaming\ZoomBrowser EX
2014-09-22 18:07 - 2011-07-17 16:33 - 00000000 ____D () C:\ProgramData\ZoomBrowser
2014-09-22 17:27 - 2009-07-14 01:13 - 00801100 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-22 17:19 - 2014-06-02 18:11 - 00000000 ____D () C:\Users\Dr G 2\Documents\K1-2013 puroil
2014-09-21 15:37 - 2014-09-21 15:35 - 193804024 _____ (Kaspersky Lab ZAO) C:\Users\Dr G 2\Downloads\pur13.0.2.558abcdEN_5352.exe
2014-09-21 15:07 - 2014-09-21 15:07 - 19398920 _____ (SUPERAntiSpyware) C:\Users\Dr G 2\Downloads\SUPERAntiSpyware.exe
2014-09-21 14:05 - 2014-09-21 14:04 - 10861216 _____ () C:\Users\Dr G 2\Downloads\defender_pro_free_2014.exe
2014-09-21 13:41 - 2014-09-21 13:41 - 00000480 _____ () C:\Windows\system32\Drivers\kgpcpy.cfg
2014-09-21 13:39 - 2014-09-21 13:38 - 00593488 _____ () C:\Users\Dr G 2\Downloads\STOPzillaASM_Setup.exe
2014-09-21 11:15 - 2014-09-21 11:15 - 00000000 _____ () C:\autoexec.bat
2014-09-21 11:12 - 2014-09-21 11:12 - 00002262 _____ () C:\Users\Dr G 2\Desktop\SpyHunter.lnk
2014-09-21 11:12 - 2014-09-21 11:12 - 00000000 ____D () C:\Users\Dr G 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-09-21 11:12 - 2014-09-21 11:12 - 00000000 ____D () C:\sh4ldr
2014-09-21 11:12 - 2014-09-21 11:12 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-21 11:10 - 2014-09-21 11:10 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Dr G 2\Downloads\SpyHunter-Installer.exe
2014-09-21 11:02 - 2014-09-19 08:07 - 00000000 ____D () C:\Users\Dr G 2\Desktop\Old Firefox Data
2014-09-21 09:16 - 2014-08-07 04:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-21 08:29 - 2011-02-23 18:17 - 00000000 ____D () C:\Windows\system32\log
2014-09-20 22:06 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\security
2014-09-20 21:20 - 2014-09-20 18:38 - 00000000 ____D () C:\Program Files\92B36EB2-53CA-4C72-9832-65CCF55DEDB1
2014-09-20 20:56 - 2014-09-20 20:56 - 00018180 _____ () C:\Windows\system32\.crusader
2014-09-20 20:56 - 2014-09-20 20:38 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
2014-09-20 20:56 - 2014-09-19 08:01 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-20 20:50 - 2014-09-20 20:49 - 01876816 _____ (SurfRight B.V.) C:\Users\Dr G 2\Downloads\hmpalert.exe
2014-09-20 20:49 - 2014-09-20 20:49 - 11194928 _____ (SurfRight B.V.) C:\Users\Dr G 2\Downloads\HitmanPro_x64(1).exe
2014-09-20 20:48 - 2014-09-20 20:47 - 10280824 _____ (SurfRight B.V.) C:\Users\Dr G 2\Documents\HitmanPro.exe
2014-09-20 20:38 - 2014-09-20 20:38 - 00003280 _____ () C:\Windows\System32\Tasks\Malware Protection 360
2014-09-20 20:34 - 2014-09-20 20:34 - 00000000 ____D () C:\Users\Dr G 2\Downloads\HitmanPro_TSV622G7N
2014-09-20 20:34 - 2014-09-20 20:34 - 00000000 ____D () C:\Program Files (x86)\sweetpacks bundle uninstaller_HitmanPro_1967438
2014-09-20 18:46 - 2014-09-19 07:49 - 01016261 _____ (Thisisu) C:\Users\Dr G 2\Downloads\JRT.exe
2014-09-20 18:45 - 2014-09-20 18:45 - 00656864 _____ () C:\Users\Dr G 2\Downloads\junkwareremovaltool-setup(2).exe
2014-09-20 18:41 - 2014-09-20 18:41 - 00656864 _____ () C:\Users\Dr G 2\Downloads\junkwareremovaltool-setup(1).exe
2014-09-20 18:36 - 2014-09-20 18:36 - 00656864 _____ () C:\Users\Dr G 2\Downloads\junkwareremovaltool-setup.exe
2014-09-20 18:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Resources
2014-09-20 16:21 - 2014-09-20 16:21 - 00000000 ____D () C:\Users\Dr G 2\AppData\Local\LogMeInIgnition
2014-09-20 10:51 - 2011-09-09 09:26 - 00000000 ____D () C:\Program Files (x86)\Client Bookkeeping Solution
2014-09-19 19:32 - 2014-09-19 19:32 - 00026224 _____ () C:\ComboFix.txt
2014-09-19 19:32 - 2014-09-19 16:32 - 00000000 ____D () C:\Qoobox
2014-09-19 19:32 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-09-19 19:30 - 2014-09-19 16:32 - 00000000 ____D () C:\Windows\erdnt
2014-09-19 19:25 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-19 19:24 - 2009-07-13 22:34 - 76546048 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-09-19 19:24 - 2009-07-13 22:34 - 15990784 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-09-19 19:24 - 2009-07-13 22:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-09-19 19:24 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-09-19 19:24 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-09-19 16:40 - 2011-07-17 16:01 - 00000000 ____D () C:\Users\Dr G 2
2014-09-19 16:31 - 2014-09-19 16:31 - 05578824 ____R (Swearware) C:\Users\Dr G 2\Downloads\ComboFix.exe
2014-09-19 13:04 - 2014-09-19 13:04 - 00001960 _____ () C:\Users\Public\Desktop\DEXIS Imaging Suite.lnk
2014-09-19 13:04 - 2014-09-19 13:04 - 00000000 ____D () C:\Windows\SysWOW64\Fusion
2014-09-19 13:04 - 2014-09-19 13:04 - 00000000 ____D () C:\Windows\SysWOW64\DEXusb_Loader
2014-09-19 13:04 - 2012-10-26 18:13 - 00000000 ____D () C:\Program Files (x86)\DEXIS
2014-09-19 13:04 - 2011-08-19 10:51 - 00030722 _____ () C:\Windows\DPINST.LOG
2014-09-19 13:04 - 2011-08-19 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEXIS
2014-09-19 13:00 - 2011-08-19 10:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-19 12:58 - 2014-08-20 09:27 - 00000000 ____D () C:\Users\Dr G 2\AppData\Local\Adobe
2014-09-19 08:23 - 2014-09-19 08:23 - 15568184 _____ (Elex do Brasil Participações Ltda) C:\Users\Dr G 2\Downloads\yet_another_cleaner_sk.exe
2014-09-19 08:01 - 2014-09-19 08:00 - 11194928 _____ (SurfRight B.V.) C:\Users\Dr G 2\Downloads\HitmanPro_x64.exe
2014-09-19 07:49 - 2014-09-19 07:49 - 00000000 ____D () C:\Windows\ERUNT
2014-09-19 07:41 - 2014-09-19 07:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-19 07:41 - 2014-09-19 07:40 - 00004578 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-19 07:41 - 2013-10-24 07:29 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-19 07:41 - 2011-02-23 18:05 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-19 07:38 - 2014-09-19 07:38 - 00918952 _____ (Oracle Corporation) C:\Users\Dr G 2\Downloads\jxpiinstall(1).exe
2014-09-18 16:30 - 2014-09-18 16:30 - 04991400 _____ (Adobe Systems Inc.) C:\Users\Dr G 2\Downloads\Shockwave_Installer_Slim.exe
2014-09-18 16:30 - 2012-11-16 15:11 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-09-18 16:26 - 2014-09-18 16:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-18 16:26 - 2012-05-08 16:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-18 14:25 - 2014-09-18 14:25 - 01373475 _____ () C:\Users\Dr G 2\Downloads\AdwCleaner.exe
2014-09-16 15:11 - 2013-02-22 12:26 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-16 11:01 - 2014-09-16 11:01 - 00003156 _____ () C:\Windows\System32\Tasks\{B90477C9-EF70-4CF5-816C-5334968AA2A2}
2014-09-16 07:51 - 2014-09-16 07:51 - 00000000 ____D () C:\Program Files (x86)\Baidu
2014-09-15 14:06 - 2014-09-15 14:03 - 00000954 _____ () C:\Users\Dr G 2\AppData\Roaming\coreavc.ini
2014-09-15 14:01 - 2014-09-15 14:01 - 00000000 ____D () C:\ProgramData\KuaiWan
2014-09-15 14:01 - 2014-09-15 14:00 - 26727760 _____ (Shenzhen Qvod Technology Co.,Ltd) C:\Users\Dr G 2\Downloads\QvodPlus_5.15.148.0_bd.exe
2014-09-10 04:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-10 03:04 - 2013-08-14 18:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 03:04 - 2011-07-22 10:49 - 00795476 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 03:02 - 2011-07-17 16:22 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-04 11:24 - 2014-07-09 08:01 - 00000000 _____ () C:\Program Files (x86)\Mozilla Firefoxwtu-secure-search.xml
2014-09-04 11:24 - 2014-07-09 08:00 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-09-03 08:44 - 2014-07-07 10:36 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-03 08:44 - 2014-07-07 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-02 17:35 - 2014-09-02 17:35 - 11582114 _____ () C:\Users\Dr G 2\Downloads\video-2014-09-02-17-29-42.mp4
2014-09-02 08:40 - 2014-09-02 08:40 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-02 08:40 - 2014-09-02 08:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-02 08:39 - 2014-09-02 08:38 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-02 08:39 - 2014-09-02 08:38 - 00000000 ____D () C:\Program Files\iTunes
2014-09-02 08:39 - 2014-09-02 08:38 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-02 08:38 - 2014-09-02 08:38 - 00000000 ____D () C:\Program Files\iPod
2014-08-29 08:12 - 2009-07-14 00:45 - 00295552 _____ () C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\Dr G 2\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 08:27

==================== End Of Log ============================



#6
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Thank you for the log :)

Let's clear away a few items that have been orphaned and then we'll scan for remnants. How is the machine running now?

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.
  • Right-click in the open notepad and select Paste.)
  • Save it on the desktop as fixlist.txt

Start
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
S2 vToolbarUpdater3.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [X]
C:\Users\Dr G 2\Downloads\QvodPlus_5.15.148.0_bd.exe
HKU\S-1-5-21-1637667928-3353661172-2275376855-1000\Software\Classes\.exe: exefile => <===== ATTENTION!
HKU\S-1-5-21-1637667928-3353661172-2275376855-1000\Software\Classes\exefile: <===== ATTENTION!
Task: {1FC0413D-5CB2-4CC6-AA6E-B25FE133D145} - System32\Tasks\SmartDefrag_Schedule => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
Task: {22E26024-9048-4EE8-9B36-39B9DB38622C} - System32\Tasks\ASC4_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
Task: {F28CD4C3-15A8-4D87-810D-497CBDD95FCD} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 2: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits


Go back to the Dashboard and select Scan Now


If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.


On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 3: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 4: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:
  • Fixlog.txt Log
  • MBAM Log
  • ESET Scan Log
  • SecurityCheck Log


#7 CGTIII (Member, Topic Starter, 17 posts)

System is running *much* faster now and hao123.com homepage is gone! Thank you again for your ongoing help.

 

My impression is that the cause(s) of this mess include the QVOD player and/or a baidu toolbar. What do you think?

 

Let me know after reviewing the following if this process is likely to complete before one of us passes on. (I'm 53 and in very good health so far.)  :)

Perhaps this will be my legacy!  LOL

 

- CT

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-09-2014
Ran by Dr G 2 at 2014-09-26 00:21:42 Run:1
Running from C:\Users\Dr G 2\Desktop
Loaded Profiles: Dr G 2 & LogMeInRemoteUser (Available profiles: Dr G 2 & LogMeInRemoteUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
S2 vToolbarUpdater3.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [X]
C:\Users\Dr G 2\Downloads\QvodPlus_5.15.148.0_bd.exe
HKU\S-1-5-21-1637667928-3353661172-2275376855-1000\Software\Classes\.exe: exefile => <===== ATTENTION!
HKU\S-1-5-21-1637667928-3353661172-2275376855-1000\Software\Classes\exefile: <===== ATTENTION!
Task: {1FC0413D-5CB2-4CC6-AA6E-B25FE133D145} - System32\Tasks\SmartDefrag_Schedule => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
Task: {22E26024-9048-4EE8-9B36-39B9DB38622C} - System32\Tasks\ASC4_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
Task: {F28CD4C3-15A8-4D87-810D-497CBDD95FCD} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
End
*****************

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
"HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key not found.
vToolbarUpdater3.1.0 => Service deleted successfully.
C:\Users\Dr G 2\Downloads\QvodPlus_5.15.148.0_bd.exe => Moved successfully.
"HKU\S-1-5-21-1637667928-3353661172-2275376855-1000\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-21-1637667928-3353661172-2275376855-1000\Software\Classes\.exe" => Key deleted successfully.
"HKU\S-1-5-21-1637667928-3353661172-2275376855-1000\Software\Classes\exefile" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FC0413D-5CB2-4CC6-AA6E-B25FE133D145}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FC0413D-5CB2-4CC6-AA6E-B25FE133D145}" => Key deleted successfully.
C:\Windows\System32\Tasks\SmartDefrag_Schedule => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Schedule" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{22E26024-9048-4EE8-9B36-39B9DB38622C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22E26024-9048-4EE8-9B36-39B9DB38622C}" => Key deleted successfully.
C:\Windows\System32\Tasks\ASC4_PerformanceMonitor => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC4_PerformanceMonitor" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F28CD4C3-15A8-4D87-810D-497CBDD95FCD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F28CD4C3-15A8-4D87-810D-497CBDD95FCD}" => Key deleted successfully.
C:\Windows\System32\Tasks\SmartDefrag_Startup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Startup" => Key deleted successfully.

==== End of Fixlog ====

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/26/2014
Scan Time: 12:27:21 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.26.01
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dr G 2

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 371538
Time Elapsed: 11 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3f958d450f227043918b4825e0bd8e92
# engine=20307
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-26 06:19:02
# local_time=2014-09-26 02:19:02 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2014'
# compatibility_mode=1051 16777213 100 100 0 97903126 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 13149805 163255792 0 0
# scanned=192066
# found=11
# cleaned=0
# scan_time=5854
sh=6927582A94840E7BAACE69691E0515802E0792E2 ft=1 fh=ac026a26163a2049 vn="Win64/Adware.Adpeak.G application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\010\mkvtccivnf64.exe.vir"
sh=744A0640927DA7065DC79212074BF7D69FDD316F ft=1 fh=0394227f5f901456 vn="Win32/SmootherWeb.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\SmootherWeb\Uninstall.exe.vir"
sh=491B198584CCC2E42481B250B00F21396492F1BF ft=0 fh=0000000000000000 vn="Win32/SmootherWeb.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Dr G 2\AppData\Roaming\SmootherWeb\[email protected]"
sh=0C53AD8C5815EC193F269B7F4225526331F55560 ft=1 fh=428351b47f1227d5 vn="Win32/SmootherWeb.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Dr G 2\AppData\Roaming\SmootherWeb\SmootherWeb-Installer.exe.vir"
sh=491B198584CCC2E42481B250B00F21396492F1BF ft=0 fh=0000000000000000 vn="Win32/SmootherWeb.B potentially unwanted application" ac=I fn="C:\Users\Dr G 2\Desktop\Old Firefox Data\qn6a5f36.default-1411266870128\extensions\[email protected]"
sh=491B198584CCC2E42481B250B00F21396492F1BF ft=0 fh=0000000000000000 vn="Win32/SmootherWeb.B potentially unwanted application" ac=I fn="C:\Users\Dr G 2\Desktop\Old Firefox Data\ysikgobd.default-1411128442423\extensions\[email protected]"
sh=73015CF7A92047C909187CA2463ED2D4CA391DE1 ft=1 fh=81fae6a0ae917d5c vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Dr G 2\Documents\My Documents\Downloads\disk-defrag-setup.exe"
sh=ACFAAC92B5210832B185D476D047B1C2733D792A ft=1 fh=a510a895afb6c194 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Dr G 2\Downloads\CrystalDiskInfo6_1_12-en.exe"
sh=7AB4CA8669E442282E8388EF7DB15F9A5A8AC24B ft=1 fh=4776f494c09aaa7e vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\Dr G 2\Downloads\junkwareremovaltool-setup(1).exe"
sh=7AB4CA8669E442282E8388EF7DB15F9A5A8AC24B ft=1 fh=4776f494c09aaa7e vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\Dr G 2\Downloads\junkwareremovaltool-setup(2).exe"
sh=59FC208F5712B82313B8AF14398A88440F8346D0 ft=1 fh=f0880253c09aaa7e vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\Dr G 2\Downloads\junkwareremovaltool-setup.exe"
 

-------------------------------------

 

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:`````````
 AVG Web TuneUp   
 Java 7 Update 67  
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox (32.0.2)
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#8 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

System is running *much* faster now and hao123.com homepage is gone! Thank you again for your ongoing help.



My impression is that the cause(s) of this mess include the QVOD player and/or a baidu toolbar. What do you think?


:thumbsup: That's what I like to hear. :) Indeed, the QVOD player is something we've been seeing and removing for a while now. Also, there's some Baidu items I will need to remove. That's not something you installed, is it?





Let me know after reviewing the following if this process is likely to complete before one of us passes on. (I'm 53 and in very good health so far.) :)

Perhaps this will be my legacy! LOL


:lol:


Step 1: Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
(????????(??)????) C:\Program Files (x86)\Common Files\Baidu\BaiduProtect\1.1.0.34\BaiduProtect.exe
C:\Program Files (x86)\Common Files\Baidu
R2 BDSGRTP; C:\Program Files (x86)\Common Files\Baidu\BaiduProtect\1.1.0.34\BaiduProtect.exe [1101152 2013-12-10] (????????(??)????)
R1 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [104264 2013-12-10] (Baidu)
R1 bd0004; C:\Windows\System32\DRIVERS\bd0004.sys [168264 2013-12-10] (Baidu)
C:\Windows\System32\DRIVERS\bd0001.sys
C:\Windows\System32\DRIVERS\bd0004.sys
C:\ProgramData\Baidu
2014-09-16 07:51 - 2013-12-10 03:53 - 00041800 _____ (Baidu) C:\Windows\system32\bd64_x64.dll
2014-09-16 07:51 - 2013-12-10 03:53 - 00039056 _____ (Baidu) C:\Windows\system32\bd64_x86.dll
2014-09-16 07:51 - 2014-09-16 07:51 - 00000000 ____D () C:\Program Files (x86)\Baidu
C:\Users\Dr G 2\Desktop\Old Firefox Data\qn6a5f36.default-1411266870128\extensions\[email protected]
C:\Users\Dr G 2\Desktop\Old Firefox Data\ysikgobd.default-1411128442423\extensions\[email protected]
C:\Users\Dr G 2\Documents\My Documents\Downloads\disk-defrag-setup.exe
C:\Users\Dr G 2\Downloads\CrystalDiskInfo6_1_12-en.exe
C:\Users\Dr G 2\Downloads\junkwareremovaltool-setup(1).exe
C:\Users\Dr G 2\Downloads\junkwareremovaltool-setup(2).exe
C:\Users\Dr G 2\Downloads\junkwareremovaltool-setup.exe
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.

Things I need to see in your next post:

Fixlog.txt Log


#9 CGTIII (Member, Topic Starter, 17 posts)

I'm not the only user of this system. Can't say who installed what or when.

 

What do you suggest as an alternative to CrystalDiskInfo then? I like Passmark DiskInfo, but sometimes it won't report SMART info from a disk when Crystal will.

 

Continued thanks.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-09-2014
Ran by Dr G 2 at 2014-09-26 07:24:16 Run:2
Running from C:\Users\Dr G 2\Desktop
Loaded Profiles: Dr G 2 & LogMeInRemoteUser (Available profiles: Dr G 2 & LogMeInRemoteUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
(????????(??)????) C:\Program Files (x86)\Common Files\Baidu\BaiduProtect\1.1.0.34\BaiduProtect.exe
C:\Program Files (x86)\Common Files\Baidu
R2 BDSGRTP; C:\Program Files (x86)\Common Files\Baidu\BaiduProtect\1.1.0.34\BaiduProtect.exe [1101152 2013-12-10] (????????(??)????)
R1 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [104264 2013-12-10] (Baidu)
R1 bd0004; C:\Windows\System32\DRIVERS\bd0004.sys [168264 2013-12-10] (Baidu)
C:\Windows\System32\DRIVERS\bd0001.sys
C:\Windows\System32\DRIVERS\bd0004.sys
C:\ProgramData\Baidu
2014-09-16 07:51 - 2013-12-10 03:53 - 00041800 _____ (Baidu) C:\Windows\system32\bd64_x64.dll
2014-09-16 07:51 - 2013-12-10 03:53 - 00039056 _____ (Baidu) C:\Windows\system32\bd64_x86.dll
2014-09-16 07:51 - 2014-09-16 07:51 - 00000000 ____D () C:\Program Files (x86)\Baidu
C:\Users\Dr G 2\Desktop\Old Firefox Data\qn6a5f36.default-1411266870128\extensions\[email protected]
C:\Users\Dr G 2\Desktop\Old Firefox Data\ysikgobd.default-1411128442423\extensions\[email protected]
C:\Users\Dr G 2\Documents\My Documents\Downloads\disk-defrag-setup.exe
C:\Users\Dr G 2\Downloads\CrystalDiskInfo6_1_12-en.exe
C:\Users\Dr G 2\Downloads\junkwareremovaltool-setup(1).exe
C:\Users\Dr G 2\Downloads\junkwareremovaltool-setup(2).exe
C:\Users\Dr G 2\Downloads\junkwareremovaltool-setup.exe
End
*****************

(????????(??)????) C:\Program Files (x86)\Common Files\Baidu\BaiduProtect\1.1.0.34\BaiduProtect.exe => Error: No automatic fix found for this entry.
C:\Program Files (x86)\Common Files\Baidu => Moved successfully.
BDSGRTP => Service deleted successfully.
bd0001 => Unable to stop service
bd0001 => Error deleting Service
bd0004 => Unable to stop service
bd0004 => Error deleting Service
C:\Windows\System32\DRIVERS\bd0001.sys => Moved successfully.
C:\Windows\System32\DRIVERS\bd0004.sys => Moved successfully.
C:\ProgramData\Baidu => Moved successfully.
C:\Windows\system32\bd64_x64.dll => Moved successfully.
C:\Windows\system32\bd64_x86.dll => Moved successfully.
C:\Program Files (x86)\Baidu => Moved successfully.
C:\Users\Dr G 2\Desktop\Old Firefox Data\qn6a5f36.default-1411266870128\extensions\[email protected] => Moved successfully.
C:\Users\Dr G 2\Desktop\Old Firefox Data\ysikgobd.default-1411128442423\extensions\[email protected] => Moved successfully.
C:\Users\Dr G 2\Documents\My Documents\Downloads\disk-defrag-setup.exe => Moved successfully.
C:\Users\Dr G 2\Downloads\CrystalDiskInfo6_1_12-en.exe => Moved successfully.
C:\Users\Dr G 2\Downloads\junkwareremovaltool-setup(1).exe => Moved successfully.
C:\Users\Dr G 2\Downloads\junkwareremovaltool-setup(2).exe => Moved successfully.
C:\Users\Dr G 2\Downloads\junkwareremovaltool-setup.exe => Moved successfully.

==== End of Fixlog ====



#10 pystryker (Trusted Helper, Malware Removal, 3,886 posts)

What do you suggest as an alternative to CrystalDiskInfo then? I like Passmark DiskInfo, but sometimes it won't report SMART info from a disk when Crystal will.


I've sent a message to one of our techs and asked what he would suggest, as that's a bit out of my area. However, I'd like to get another scan with FRST, as the fixlog showed some errors in getting rid of some of the files.

We're almost finished :) I just like being thorough.
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.

Things I need to see in your next post:

FRST Log

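A way to make that check mechanical, as an added example that is not FRST's own code and not from this thread: a Python script that classifies each "target => outcome" result line of a Fixlog and then cross-references the follow-up FRST scan for service or driver entries still registered with their file missing ("[X]"), which is exactly the bd0001/bd0004 situation above. The log text embedded in it is constructed from the Fixlog and FRST line formats shown in this thread.

```python
"""Triage an FRST Fixlog against the follow-up FRST scan (added example, not FRST code).

Classifies each "target => outcome" result line of a Fixlog, then reports which
services whose deletion failed are still registered with their file missing
("[X]") in the next scan, i.e. the entries that need a second fix run.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Outcome phrases FRST writes: a FAILURE marker means the action failed,
# "Key not found" is neutral (a companion key was already absent), the rest succeed.
FAILURE_MARKERS = ("Unable to", "Error")
NEUTRAL_MARKERS = ("Key not found",)

# Service/driver line whose file is gone: "R1 bd0001; system32\DRIVERS\bd0001.sys [X]"
ORPHAN_RE = re.compile(r"^[RSU]\d\s+([^;]+);\s*(.*?)\s*\[X\]\s*$")

# Constructed sample logs, modelled on the Fixlog and FRST formats in this thread.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
Start
R1 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [104264 2013-12-10] (Baidu)
HKU\S-1-5-21-1637667928-3353661172-2275376855-1000\Software\Classes\.exe: exefile => <===== ATTENTION!
End
*****************

"HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key not found.
BDSGRTP => Service deleted successfully.
bd0001 => Unable to stop service
bd0001 => Error deleting Service
bd0004 => Unable to stop service
bd0004 => Error deleting Service
C:\Windows\System32\DRIVERS\bd0001.sys => Moved successfully.
C:\Program Files (x86)\Common Files\Baidu\BaiduProtect\1.1.0.34\BaiduProtect.exe => Error: No automatic fix found for this entry.

==== End of Fixlog ====
"""
SAMPLE_SCAN = r"""==================== Drivers (Whitelisted) ====================
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
S4 LMIRfsClientNP; No ImagePath
R1 bd0001; system32\DRIVERS\bd0001.sys [X]
R1 bd0004; system32\DRIVERS\bd0004.sys [X]
"""


@dataclass(frozen=True)
class FixEntry:
    target: str   # what the fixlist asked FRST to handle
    outcome: str  # what FRST reported
    status: str   # "ok", "skipped" or "failed"


def classify(outcome: str) -> str:
    if any(m in outcome for m in FAILURE_MARKERS):
        return "failed"
    if any(m in outcome for m in NEUTRAL_MARKERS):
        return "skipped"
    return "ok"


def parse_fixlog(text: str) -> list:
    """One FixEntry per result line; the echoed fixlist between the '*****'
    rulers is skipped because its own lines can also contain ' => '."""
    entries, in_fixlist = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            in_fixlist = not in_fixlist
            continue
        if in_fixlist or " => " not in line:
            continue
        target, outcome = line.rsplit(" => ", 1)
        entries.append(FixEntry(target.strip().strip('"'), outcome.strip(), classify(outcome)))
    return entries


def summarize(entries) -> dict:
    return dict(Counter(e.status for e in entries))


def failed_targets(entries) -> set:
    return {e.target for e in entries if e.status == "failed"}


def orphaned_services(scan_text: str) -> dict:
    """Service/driver names the scan still lists with their file missing."""
    found = {}
    for line in scan_text.splitlines():
        m = ORPHAN_RE.match(line.strip())
        if m:
            found[m.group(1).strip()] = m.group(2)
    return found


def leftovers(fixlog_text: str, scan_text: str) -> list:
    """Services that failed to delete AND survive in the next scan."""
    failed = failed_targets(parse_fixlog(fixlog_text))
    return sorted(n for n in orphaned_services(scan_text) if n in failed)


if __name__ == "__main__":
    entries = parse_fixlog(SAMPLE_FIXLOG)
    print("Fixlog outcomes:", summarize(entries))
    print("Failed targets:", sorted(failed_targets(entries)))
    print("Still registered, file missing:", leftovers(SAMPLE_FIXLOG, SAMPLE_SCAN))
```

Feed it a real Fixlog.txt and FRST.txt and the "leftovers" list is the set of service names a second fixlist still has to address.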



#11 CGTIII (Member, Topic Starter, 17 posts)

Aside from a slew of AVs and cleaners, it looks pretty good, doesn't it?

 

- CT

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2014
Ran by Dr G 2 (administrator) on DRG2-PC on 27-09-2014 03:03:25
Running from C:\Users\Dr G 2\Desktop
Loaded Profiles: Dr G 2 & LogMeInRemoteUser (Available profiles: Dr G 2 & LogMeInRemoteUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corp.) C:\Program Files\Broadcom\BPowMon\BPowMon.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Henry Schein, Inc.) C:\Program Files (x86)\EzDental\SystemTray.exe
(Dental Imaging Technologies Corp.) C:\Program Files (x86)\DEXIS\integra.exe
(Henry Schein, Inc.) C:\Program Files (x86)\EzDental\WebSyncReminder.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8114720 2009-09-12] (Realtek Semiconductor)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-26] (CANON INC.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-01-11] (LogMeIn, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1637667928-3353661172-2275376855-1000\...\Run: [SystemTray.exe] => C:\Program Files (x86)\EzDental\SystemTray.exe [130200 2012-04-02] (Henry Schein, Inc.)
HKU\S-1-5-18\...\Run: [Advanced SystemCare 6] => "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
IFEO\ehshell.exe: [Debugger] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DEXIS Integrator.lnk
ShortcutTarget: DEXIS Integrator.lnk -> C:\Program Files (x86)\DEXIS\integra.exe (Dental Imaging Technologies Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\eSync Reminder.lnk
ShortcutTarget: eSync Reminder.lnk -> C:\Program Files (x86)\EzDental\eSyncReminder.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WebSync Reminder.lnk
ShortcutTarget: WebSync Reminder.lnk -> C:\Program Files (x86)\EzDental\WebSyncReminder.exe (Henry Schein, Inc.)
Startup: C:\Users\Dr G 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Dr G 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: DownloadIcon -> {A8502600-B272-4F68-A67B-A0305D46D298} =>  No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dr G 2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USSMB/1
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Dr G 2\AppData\Roaming\Mozilla\Firefox\Profiles\dr039pcw.default-1411311733481
FF Homepage: hxxp://www.google.com/
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
S2 CCALib8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-07-19] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-07-19] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-01-11] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-07-09] (AVG Technologies)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]
R1 bd0001; system32\DRIVERS\bd0001.sys [X]
R1 bd0004; system32\DRIVERS\bd0004.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 00:47 - 2014-09-26 00:47 - 00854417 _____ () C:\Users\Dr G 2\Desktop\SecurityCheck.exe
2014-09-26 00:34 - 2014-09-26 00:34 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-26 00:21 - 2014-09-26 00:21 - 00000000 ____D () C:\Users\Dr G 2\Desktop\FRST-OlderVersion
2014-09-25 07:54 - 2014-09-25 07:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 02:04 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 02:04 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-24 01:36 - 2014-09-24 01:37 - 00025251 _____ () C:\Users\Dr G 2\Desktop\Addition.txt
2014-09-24 01:31 - 2014-09-27 03:03 - 00014256 _____ () C:\Users\Dr G 2\Desktop\FRST.txt
2014-09-24 01:30 - 2014-09-27 03:03 - 00000000 ____D () C:\FRST
2014-09-24 01:29 - 2014-09-26 00:21 - 02108928 _____ (Farbar) C:\Users\Dr G 2\Desktop\FRST64.exe
2014-09-24 01:22 - 2014-09-24 01:22 - 01373475 _____ () C:\Users\Dr G 2\Desktop\AdwCleaner.exe
2014-09-24 01:19 - 2014-09-24 01:19 - 00000896 _____ () C:\Users\Dr G 2\Desktop\JRT.txt
2014-09-24 01:14 - 2014-09-24 01:13 - 01024790 _____ (Thisisu) C:\Users\Dr G 2\Desktop\JRT(1).exe
2014-09-24 01:13 - 2014-09-24 01:13 - 01024790 _____ (Thisisu) C:\Users\Dr G 2\Downloads\JRT(1).exe
2014-09-24 01:05 - 2014-09-24 01:05 - 00000000 ____D () C:\_OTL
2014-09-23 00:13 - 2014-09-23 00:13 - 00097790 _____ () C:\Users\Dr G 2\Downloads\OTL.Txt
2014-09-23 00:13 - 2014-09-23 00:13 - 00057778 _____ () C:\Users\Dr G 2\Downloads\Extras.Txt
2014-09-23 00:02 - 2014-09-23 00:02 - 00602112 _____ (OldTimer Tools) C:\Users\Dr G 2\Desktop\OTL.exe
2014-09-22 23:44 - 2014-09-22 23:44 - 01373475 _____ () C:\Users\Dr G 2\Downloads\AdwCleaner(1).exe
2014-09-22 23:27 - 2014-09-22 23:27 - 00000000 ___SD () C:\Users\Dr G 2\Documents\Passwords Database
2014-09-21 15:35 - 2014-09-21 15:37 - 193804024 _____ (Kaspersky Lab ZAO) C:\Users\Dr G 2\Downloads\pur13.0.2.558abcdEN_5352.exe
2014-09-21 15:07 - 2014-09-21 15:07 - 19398920 _____ (SUPERAntiSpyware) C:\Users\Dr G 2\Downloads\SUPERAntiSpyware.exe
2014-09-21 14:04 - 2014-09-21 14:05 - 10861216 _____ () C:\Users\Dr G 2\Downloads\defender_pro_free_2014.exe
2014-09-21 13:41 - 2014-09-21 13:41 - 00000480 _____ () C:\Windows\system32\Drivers\kgpcpy.cfg
2014-09-21 13:38 - 2014-09-21 13:39 - 00593488 _____ () C:\Users\Dr G 2\Downloads\STOPzillaASM_Setup.exe
2014-09-21 11:15 - 2014-09-21 11:15 - 00000000 _____ () C:\autoexec.bat
2014-09-21 11:12 - 2014-09-21 11:12 - 00002262 _____ () C:\Users\Dr G 2\Desktop\SpyHunter.lnk
2014-09-21 11:12 - 2014-09-21 11:12 - 00000000 ____D () C:\Users\Dr G 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-09-21 11:12 - 2014-09-21 11:12 - 00000000 ____D () C:\sh4ldr
2014-09-21 11:12 - 2014-09-21 11:12 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-21 11:10 - 2014-09-21 11:10 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Dr G 2\Downloads\SpyHunter-Installer.exe
2014-09-21 08:04 - 2014-09-24 01:25 - 00000000 ____D () C:\AdwCleaner
2014-09-20 20:56 - 2014-09-20 20:56 - 00018180 _____ () C:\Windows\system32\.crusader
2014-09-20 20:49 - 2014-09-20 20:50 - 01876816 _____ (SurfRight B.V.) C:\Users\Dr G 2\Downloads\hmpalert.exe
2014-09-20 20:49 - 2014-09-20 20:49 - 11194928 _____ (SurfRight B.V.) C:\Users\Dr G 2\Downloads\HitmanPro_x64(1).exe
2014-09-20 20:47 - 2014-09-20 20:48 - 10280824 _____ (SurfRight B.V.) C:\Users\Dr G 2\Documents\HitmanPro.exe
2014-09-20 20:38 - 2014-09-20 20:56 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
2014-09-20 20:38 - 2014-09-20 20:38 - 00003280 _____ () C:\Windows\System32\Tasks\Malware Protection 360
2014-09-20 20:34 - 2014-09-20 20:34 - 00000000 ____D () C:\Users\Dr G 2\Downloads\HitmanPro_TSV622G7N
2014-09-20 20:34 - 2014-09-20 20:34 - 00000000 ____D () C:\Program Files (x86)\sweetpacks bundle uninstaller_HitmanPro_1967438
2014-09-20 18:38 - 2014-09-20 21:20 - 00000000 ____D () C:\Program Files\92B36EB2-53CA-4C72-9832-65CCF55DEDB1
2014-09-20 16:21 - 2014-09-20 16:21 - 00000000 ____D () C:\Users\Dr G 2\AppData\Local\LogMeInIgnition
2014-09-19 19:32 - 2014-09-19 19:32 - 00026224 _____ () C:\ComboFix.txt
2014-09-19 16:33 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-19 16:33 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-19 16:33 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-19 16:33 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-19 16:33 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-19 16:33 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-19 16:33 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-19 16:33 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-19 16:32 - 2014-09-19 19:32 - 00000000 ____D () C:\Qoobox
2014-09-19 16:32 - 2014-09-19 19:30 - 00000000 ____D () C:\Windows\erdnt
2014-09-19 16:31 - 2014-09-19 16:31 - 05578824 ____R (Swearware) C:\Users\Dr G 2\Downloads\ComboFix.exe
2014-09-19 13:04 - 2014-09-19 13:04 - 00001960 _____ () C:\Users\Public\Desktop\DEXIS Imaging Suite.lnk
2014-09-19 13:04 - 2014-09-19 13:04 - 00000000 ____D () C:\Windows\SysWOW64\Fusion
2014-09-19 13:04 - 2014-09-19 13:04 - 00000000 ____D () C:\Windows\SysWOW64\DEXusb_Loader
2014-09-19 08:23 - 2014-09-19 08:23 - 15568184 _____ (Elex do Brasil Participações Ltda) C:\Users\Dr G 2\Downloads\yet_another_cleaner_sk.exe
2014-09-19 08:07 - 2014-09-21 11:02 - 00000000 ____D () C:\Users\Dr G 2\Desktop\Old Firefox Data
2014-09-19 08:01 - 2014-09-20 20:56 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-19 08:00 - 2014-09-19 08:01 - 11194928 _____ (SurfRight B.V.) C:\Users\Dr G 2\Downloads\HitmanPro_x64.exe
2014-09-19 07:49 - 2014-09-20 18:46 - 01016261 _____ (Thisisu) C:\Users\Dr G 2\Downloads\JRT.exe
2014-09-19 07:49 - 2014-09-19 07:49 - 00000000 ____D () C:\Windows\ERUNT
2014-09-19 07:41 - 2014-09-19 07:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-19 07:41 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-19 07:41 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-19 07:41 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-19 07:41 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-19 07:40 - 2014-09-19 07:41 - 00004578 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-19 07:38 - 2014-09-19 07:38 - 00918952 _____ (Oracle Corporation) C:\Users\Dr G 2\Downloads\jxpiinstall(1).exe
2014-09-18 16:30 - 2014-09-18 16:30 - 04991400 _____ (Adobe Systems Inc.) C:\Users\Dr G 2\Downloads\Shockwave_Installer_Slim.exe
2014-09-18 14:25 - 2014-09-18 14:25 - 01373475 _____ () C:\Users\Dr G 2\Downloads\AdwCleaner.exe
2014-09-16 11:01 - 2014-09-16 11:01 - 00003156 _____ () C:\Windows\System32\Tasks\{B90477C9-EF70-4CF5-816C-5334968AA2A2}
2014-09-15 14:03 - 2014-09-15 14:06 - 00000954 _____ () C:\Users\Dr G 2\AppData\Roaming\coreavc.ini
2014-09-15 14:01 - 2014-09-15 14:01 - 00000000 ____D () C:\ProgramData\KuaiWan
2014-09-10 03:06 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 03:06 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 03:06 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 03:06 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 03:06 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 03:06 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 03:06 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 03:06 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 03:06 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 03:06 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 03:06 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 03:06 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 03:06 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 03:06 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 03:06 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 03:06 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 03:06 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 03:06 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 03:06 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 03:06 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 03:06 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 03:06 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 03:06 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 03:06 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 03:06 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 03:06 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 03:06 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 03:06 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 03:06 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 03:06 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 03:06 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 03:06 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 03:06 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 03:06 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 03:06 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 03:06 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 03:06 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 03:06 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 03:06 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 03:06 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 03:06 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 03:06 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 03:06 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 03:06 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 03:06 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 03:06 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 03:06 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 03:06 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 03:06 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 03:06 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 03:06 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 03:06 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 03:06 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 03:06 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 03:06 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 03:06 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 03:00 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 03:00 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 01:50 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 01:50 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 01:50 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 01:50 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 01:50 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 01:50 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 01:50 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 01:50 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 01:50 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-02 17:35 - 2014-09-02 17:35 - 11582114 _____ () C:\Users\Dr G 2\Downloads\video-2014-09-02-17-29-42.mp4
2014-09-02 08:40 - 2014-09-02 08:40 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-02 08:40 - 2014-09-02 08:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-02 08:38 - 2014-09-02 08:39 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-02 08:38 - 2014-09-02 08:39 - 00000000 ____D () C:\Program Files\iTunes
2014-09-02 08:38 - 2014-09-02 08:39 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-02 08:38 - 2014-09-02 08:38 - 00000000 ____D () C:\Program Files\iPod
2014-08-28 07:27 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 07:27 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 07:27 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-27 03:29 - 2012-04-04 08:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-27 03:02 - 2011-07-17 17:59 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-09-26 17:38 - 2014-04-16 05:20 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-26 14:13 - 2009-07-14 00:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-26 14:13 - 2009-07-14 00:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-26 11:38 - 2011-10-05 17:15 - 00000000 ____D () C:\Users\Dr G 2\AppData\Roaming\ZoomBrowser EX
2014-09-26 11:37 - 2011-07-17 16:33 - 00000000 ____D () C:\ProgramData\ZoomBrowser
2014-09-26 11:23 - 2009-07-14 01:13 - 00801100 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-26 10:37 - 2011-09-09 09:26 - 00000000 ____D () C:\Program Files (x86)\Client Bookkeeping Solution
2014-09-26 10:35 - 2011-08-19 10:11 - 00003450 _____ () C:\Windows\EZDENTAL.ini
2014-09-26 10:01 - 2013-05-21 15:17 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-09-26 09:17 - 2009-07-14 01:10 - 01226186 _____ () C:\Windows\WindowsUpdate.log
2014-09-26 09:03 - 2012-10-26 18:13 - 00000000 ____D () C:\ProgramData\Danaher_Dental
2014-09-26 00:27 - 2014-08-07 04:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-25 07:34 - 2012-05-25 09:41 - 00000000 ____D () C:\Users\Dr G 2\AppData\Roaming\Dropbox
2014-09-25 07:28 - 2014-01-21 12:24 - 00001006 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-09-25 07:28 - 2014-01-21 12:23 - 00000990 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-09-25 07:28 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-25 07:28 - 2009-07-14 00:51 - 00079329 _____ () C:\Windows\setupact.log
2014-09-24 03:06 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-24 01:26 - 2011-02-23 19:53 - 00317496 _____ () C:\Windows\PFRO.log
2014-09-24 01:00 - 2012-05-11 10:12 - 00000000 ____D () C:\Users\Dr G 2\AppData\Roaming\Apple Computer
2014-09-23 22:29 - 2012-04-04 08:27 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 22:29 - 2012-04-04 08:27 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 22:29 - 2011-10-04 08:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 17:19 - 2014-06-02 18:11 - 00000000 ____D () C:\Users\Dr G 2\Documents\K1-2013 puroil
2014-09-21 08:29 - 2011-02-23 18:17 - 00000000 ____D () C:\Windows\system32\log
2014-09-20 22:06 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\security
2014-09-20 18:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Resources
2014-09-19 19:32 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-09-19 19:25 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-19 19:24 - 2009-07-13 22:34 - 76546048 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-09-19 19:24 - 2009-07-13 22:34 - 15990784 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-09-19 19:24 - 2009-07-13 22:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-09-19 19:24 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-09-19 19:24 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-09-19 16:40 - 2011-07-17 16:01 - 00000000 ____D () C:\Users\Dr G 2
2014-09-19 13:04 - 2012-10-26 18:13 - 00000000 ____D () C:\Program Files (x86)\DEXIS
2014-09-19 13:04 - 2011-08-19 10:51 - 00030722 _____ () C:\Windows\DPINST.LOG
2014-09-19 13:04 - 2011-08-19 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEXIS
2014-09-19 13:00 - 2011-08-19 10:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-19 12:58 - 2014-08-20 09:27 - 00000000 ____D () C:\Users\Dr G 2\AppData\Local\Adobe
2014-09-19 07:41 - 2013-10-24 07:29 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-19 07:41 - 2011-02-23 18:05 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-18 16:30 - 2012-11-16 15:11 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-09-18 16:26 - 2012-05-08 16:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-16 15:11 - 2013-02-22 12:26 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-10 03:04 - 2013-08-14 18:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 03:04 - 2011-07-22 10:49 - 00795476 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 03:02 - 2011-07-17 16:22 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-04 11:24 - 2014-07-09 08:01 - 00000000 _____ () C:\Program Files (x86)\Mozilla Firefoxwtu-secure-search.xml
2014-09-04 11:24 - 2014-07-09 08:00 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-09-03 08:44 - 2014-07-07 10:36 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-03 08:44 - 2014-07-07 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-29 08:12 - 2009-07-14 00:45 - 00295552 _____ () C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\Dr G 2\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 00:07

==================== End Of Log ============================


  • 0

#12
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Aside from a slew of AVs and cleaners, it looks pretty good, doesn't it?


Looks excellent :) I'm still awaiting a response from my colleague, but let's clear away 2 small items FRST found. :thumbsup:

Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below (to do this, highlight the contents of the box, right-click on it and select Copy).
  • Right-click in the open Notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
R1 bd0001; system32\DRIVERS\bd0001.sys [X]
R1 bd0004; system32\DRIVERS\bd0004.sys [X]
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Things I need to see in your next post:

Fixlog.txt Log

  • 0
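For anyone reading along who wants to confirm what this fixlist addresses before or after running it, here is a read-only PowerShell check that covers the same two points: service or driver entries whose ImagePath points at a file that no longer exists on disk (the state the `[X]`-marked bd0001/bd0004 lines above appear to describe) and whether the Windows Firewall profiles are on. This is an added example, not part of FRST and not pystryker's script; the function names (`Resolve-ServiceImagePath`, `Find-OrphanedServiceEntries`, `Get-FirewallProfileState`) are my own, and the ImagePath normalisation rules are assumptions about the common forms of that registry value. It reports only and removes nothing. Run it from an elevated 64-bit PowerShell prompt:

```powershell
# Added example (not FRST's code): report services/drivers whose ImagePath
# points at a missing file, and show the Windows Firewall profile state.
# Read-only: nothing is deleted or changed. Function names are my own.

function Resolve-ServiceImagePath {
    # Turn a raw ImagePath registry value into an absolute file path.
    # Assumed forms (the usual ones in the Services key): quoted path plus
    # arguments, "\??\C:\...", "\SystemRoot\...", "%SystemRoot%\..." and paths
    # relative to the Windows directory such as "system32\DRIVERS\bd0001.sys".
    param([Parameter(Mandatory)][string]$ImagePath)

    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim())

    if ($p.StartsWith('"')) {
        # "C:\Program Files\Vendor\svc.exe" -arg  ->  C:\Program Files\Vendor\svc.exe
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) }
    } elseif ($p -match '^(?<exe>.+?\.(sys|exe|dll))(\s|$)') {
        # Unquoted path followed by arguments (svchost.exe -k netsvcs): keep the file part
        $p = $Matches['exe']
    }

    if ($p.StartsWith('\??\')) { $p = $p.Substring(4) }
    if ($p -match '^\\SystemRoot\\(.+)$') { $p = Join-Path $env:SystemRoot $Matches[1] }
    # Not rooted (no drive letter, not UNC) => relative to %SystemRoot%
    if ($p -notmatch '^([A-Za-z]:\\|\\\\)') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Find-OrphanedServiceEntries {
    # One object per registered service/driver whose image file is missing on disk.
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        # Entries with no ImagePath at all (like "LMIRfsClientNP; No ImagePath") are skipped here
        if (-not $props -or -not $props.ImagePath) { continue }
        $resolved = Resolve-ServiceImagePath -ImagePath $props.ImagePath
        if (-not (Test-Path -LiteralPath $resolved -PathType Leaf)) {
            [pscustomobject]@{
                Name      = $key.PSChildName
                Type      = $props.Type    # 1 kernel driver, 2 file system driver, 16/32 Win32 service
                Start     = $props.Start   # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
                ImagePath = $props.ImagePath
                Resolved  = $resolved
            }
        }
    }
}

function Get-FirewallProfileState {
    # Parses 'netsh advfirewall show allprofiles state', which works on Windows 7
    # where the Get-NetFirewallProfile cmdlet is not available. English output assumed.
    $fwProfile = $null
    foreach ($line in (& netsh advfirewall show allprofiles state)) {
        if ($line -match '^(\w+) Profile Settings:') { $fwProfile = $Matches[1] }
        elseif ($fwProfile -and $line -match '^State\s+(\w+)') {
            [pscustomobject]@{ Profile = $fwProfile; State = $Matches[1] }
        }
    }
}

$orphans = Find-OrphanedServiceEntries
if ($orphans) {
    "Registered services/drivers whose image file is missing:"
    $orphans | Format-Table Name, Type, Start, ImagePath -AutoSize
} else {
    "No orphaned service entries found."
}
"Windows Firewall profile state:"
Get-FirewallProfileState | Format-Table -AutoSize
```

A missing image file usually means a stale entry left behind by an uninstaller rather than something active, so treat the list as a review queue to compare against the FRST Drivers section, not as a delete list. Use the 64-bit PowerShell host on a 64-bit machine so that file and registry lookups are not redirected to the WOW64 views.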

#13
CGTIII

CGTIII

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Sorry for the delay in getting back to you. I'll do this first chance I get and let you know.

 

Thanks again.


  • 0

#14
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Sorry for the delay in getting back to you. I'll do this first chance I get and let you know.
 
Thanks again.


No worries and you are welcome. :)
  • 0

#15
CGTIII

CGTIII

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-09-2014
Ran by Dr G 2 at 2014-09-30 09:14:51 Run:3
Running from C:\Users\Dr G 2\Desktop
Loaded Profiles: Dr G 2 & LogMeInRemoteUser (Available profiles: Dr G 2 & LogMeInRemoteUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
R1 bd0001; system32\DRIVERS\bd0001.sys [X]
R1 bd0004; system32\DRIVERS\bd0004.sys [X]
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
End
*****************

bd0001 => Service deleted successfully.
bd0004 => Service deleted successfully.

=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


==== End of Fixlog ====


  • 0





