Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Win7 extremely slow [Solved]


  • This topic is locked This topic is locked

#1
pnavce

pnavce

    Member

  • Member
  • PipPip
  • 29 posts

PC start up takes 3-6 minutes,

Chrome takes another 5-7 minutes,

Something is continually changing settings so it is looking for a 'proxy server',

Downloading is pretty slow but uploading is slower than a snail,

 

Here is my OTL.exe log

 

OTL logfile created on: 10/2/2014 12:33:35 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Philip\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.75 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 31.99% Memory free
3.50 Gb Paging File | 1.19 Gb Available in Paging File | 34.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.45 Gb Total Space | 147.98 Gb Free Space | 51.84% Space Free | Partition Type: NTFS
Drive D: | 12.54 Gb Total Space | 1.54 Gb Free Space | 12.25% Space Free | Partition Type: NTFS
Drive F: | 465.66 Gb Total Space | 447.70 Gb Free Space | 96.14% Space Free | Partition Type: NTFS
 
Computer Name: PHILIP-HP | User Name: Philip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/02 00:32:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philip\Downloads\OTL.exe
PRC - [2014/10/01 14:43:00 | 001,424,104 | ---- | M] () -- C:\Program Files (x86)\Search Extensions\Client.exe
PRC - [2014/09/27 11:39:23 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2014/09/23 00:07:06 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/09/12 20:52:04 | 036,414,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\Philip\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/22 14:10:10 | 004,486,944 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
PRC - [2014/08/22 13:56:00 | 002,281,248 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
PRC - [2014/08/18 17:36:14 | 000,893,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
PRC - [2014/07/31 17:03:57 | 000,276,376 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe
PRC - [2014/07/23 08:44:16 | 000,438,616 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2014/07/04 10:52:40 | 001,617,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2014/05/15 13:29:06 | 000,342,336 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/01 21:57:24 | 000,043,008 | ---- | M] () -- c:\Users\Philip\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjkxvvk.dll
MOD - [2014/10/01 14:43:00 | 001,424,104 | ---- | M] () -- C:\Program Files (x86)\Search Extensions\Client.exe
MOD - [2014/09/23 00:07:05 | 000,331,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppgooglenaclpluginchrome.dll
MOD - [2014/09/23 00:07:02 | 008,577,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
MOD - [2014/09/23 00:06:58 | 001,098,056 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
MOD - [2014/09/23 00:06:56 | 000,174,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
MOD - [2014/09/23 00:06:55 | 001,660,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
MOD - [2014/09/13 06:16:47 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3f2952ec748f60fbb5deacfc4db0a2a3\System.Windows.Forms.ni.dll
MOD - [2014/09/13 06:16:15 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8b7f86e5a6f0aa23f4b25dfeeaa6b318\System.Drawing.ni.dll
MOD - [2014/09/13 06:15:54 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3fad44f7fd9f6c117eb02265ab63f80d\System.Xml.ni.dll
MOD - [2014/09/13 06:15:38 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5bf56d6064af88d8812a3f78e0dfd376\System.Configuration.ni.dll
MOD - [2014/09/13 06:14:27 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95854f4f1f37b8eab1b1e3d7103b48ef\System.ni.dll
MOD - [2014/09/13 06:13:54 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/09/12 20:20:58 | 003,610,624 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/12/02 19:06:40 | 001,281,312 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\Scan.dll
MOD - [2013/10/25 12:08:02 | 000,517,408 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
MOD - [2013/08/23 15:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/01/15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/08/18 18:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/09 23:27:11 | 000,289,496 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/04 21:25:36 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2010/03/04 21:25:34 | 000,496,232 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2014/09/24 13:55:34 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/19 16:09:48 | 002,282,272 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014/08/18 17:36:14 | 000,893,216 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)
SRV - [2014/07/31 17:03:57 | 000,276,376 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe -- (NIS)
SRV - [2014/07/23 08:44:16 | 000,438,616 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2014/06/06 00:38:37 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/15 13:29:06 | 000,342,336 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/11 18:08:26 | 000,903,456 | ---- | M] (Cloud Engines, Inc.) [Auto | Running] -- C:\Program Files (x86)\PogoplugPC\hbadmin.exe -- (HBAdmin)
SRV - [2012/11/08 11:39:36 | 000,174,176 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe -- (PACSPTISVR-Sound_Organizer)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/10/01 21:57:05 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/06/04 15:17:14 | 000,021,184 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/04 00:18:12 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1505000.013\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/02/17 21:32:41 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1505000.013\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/02/12 21:59:49 | 000,875,736 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1505000.013\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/02/10 10:34:38 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2014/01/12 21:34:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/01/12 21:34:25 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2014/01/05 20:06:09 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/09/26 22:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1505000.013\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/09/25 22:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1505000.013\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/09/09 22:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1505000.013\symds64.sys -- (SymDS)
DRV:64bit: - [2013/09/09 21:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1505000.013\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/04/12 17:00:38 | 000,039,712 | ---- | M] (Cloud Engines, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xcetap0.sys -- (xcetap0)
DRV:64bit: - [2013/03/14 13:18:55 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2013/01/20 02:16:48 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/03/04 07:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/18 11:11:52 | 000,013,312 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ICDUSB3.sys -- (ICDUSB3)
DRV:64bit: - [2006/11/27 12:21:28 | 000,058,880 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\RxFilter.sys -- (RxFilter)
DRV - [2014/09/23 14:00:10 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141001.002\ex64.sys -- (NAVEX15)
DRV - [2014/09/23 14:00:10 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141001.002\eng64.sys -- (NAVENG)
DRV - [2014/09/12 18:11:19 | 001,586,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140912.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/09/10 08:04:43 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/09/10 08:04:42 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/08/29 16:29:11 | 000,633,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140930.003\IDSviA64.sys -- (IDSVia64)
DRV - [2013/11/19 16:10:36 | 000,034,848 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2013/11/19 16:10:36 | 000,023,016 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2013/03/23 15:48:48 | 000,023,048 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/11/27 12:21:28 | 000,058,880 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3CC8EA46-C645-4134-A48D-0C77F46A73B3}
IE:64bit: - HKLM\..\SearchScopes\{3CC8EA46-C645-4134-A48D-0C77F46A73B3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{AC4E08EF-2183-450E-B346-D4163BA55119}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D1564CAF-8680-4433-9C61-28CBD2EB9C6C}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{E9004766-02D9-486D-9039-AC1A3A664D31}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityrespo...r/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://securityrespo...r/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.5.0.19
IE - HKLM\..\SearchScopes,DefaultScope = {E036A19D-ADDA-4EDB-A48C-6EB3B5C33BCC}
IE - HKLM\..\SearchScopes\{3CC8EA46-C645-4134-A48D-0C77F46A73B3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{AC4E08EF-2183-450E-B346-D4163BA55119}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D1564CAF-8680-4433-9C61-28CBD2EB9C6C}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{E9004766-02D9-486D-9039-AC1A3A664D31}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.only-sear...1FF7EB&tsp=5362
IE - HKCU\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {E036A19D-ADDA-4EDB-A48C-6EB3B5C33BCC}
IE - HKCU\..\SearchScopes\{D1564CAF-8680-4433-9C61-28CBD2EB9C6C}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{D24C2116-C3A1-4C23-AB0D-48592409E429}: "URL" = http://www.only-sear...rchTerms}&r=218
IE - HKCU\..\SearchScopes\{E036A19D-ADDA-4EDB-A48C-6EB3B5C33BCC}: "URL" = http://search.condui...4682429425&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49830;https=127.0.0.1:49830
 
========== FireFox ==========
 
FF - prefs.js..CT3268934.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultthis.engineName: "Vgrabber v1 Customized Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.only-sear...FF7EB&tsp=5362"
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\GvNPRT: C:\Program Files (x86)\GvNPRT\nprt_gvx.dll ( )
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Philip\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2014/10/01 21:56:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/03/30 14:55:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/24 14:36:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/03/30 14:55:03 | 000,000,000 | ---D | M]
 
[2013/05/21 11:15:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philip\AppData\Roaming\Mozilla\Extensions
[2014/09/29 18:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default\extensions
[2014/09/13 06:38:00 | 000,000,000 | ---D | M] (Ads Removal) -- C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default\extensions\[email protected]
[2014/09/06 08:26:55 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default\extensions\[email protected]
[2014/09/29 18:08:22 | 000,226,542 | ---- | M] () (No name found) -- C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default\extensions\[email protected]
[2014/01/27 22:41:45 | 000,007,373 | ---- | M] () (No name found) -- C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi
[2014/09/29 18:04:55 | 000,008,061 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default\searchplugins\yahoo_ff.xml
[2014/10/01 23:06:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/10/01 23:06:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/31 16:31:32 | 000,338,432 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\nprt_gvx.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\acdnhokdlhndmflmklllleemdenbikla\10.82.4.29859_0\
CHR - Extension: No name found = C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen\1.0.0_0\
CHR - Extension: No name found = C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb\10.31.4.510_0\
CHR - Extension: No name found = C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb\10.31.4.510_0\nativeMessaging\nmHost
CHR - Extension: No name found = C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: No name found = C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\17.2.7_0\
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Ads Removal) - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4153492D-4700-A76A-76A7-7A786E7484D7} - No CLSID value found.
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - Startup: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Philip\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://webcam.villag...hecker_8570.cab (OCXDownloadChecker Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.26 205.171.2.26
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34C50CC4-74F8-48A4-9B40-58E9A7F1C13E}: DhcpNameServer = 192.168.0.1 205.171.3.26 205.171.2.26
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/12/13 21:33:34 | 000,000,000 | -H-D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2011/08/29 05:08:30 | 000,000,124 | -H-- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (RegistryDefragBootTime.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/01 21:41:04 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2014/10/01 21:35:12 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Roaming\MyTurboPC.com
[2014/10/01 21:35:12 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Roaming\DriverCure
[2014/10/01 21:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\MyTurboPC.com
[2014/10/01 14:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Extensions
[2014/10/01 14:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2014/10/01 08:39:40 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2014/10/01 08:39:40 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2014/09/27 18:04:10 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/27 18:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/09/27 18:02:51 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/09/27 18:02:51 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/09/27 18:02:51 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/09/27 18:02:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/09/27 18:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/09/27 11:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/09/24 14:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PDF Solutions
[2014/09/24 14:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free PDF Solutions
[2014/09/24 11:59:00 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Local\Wondershare
[2014/09/24 11:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
[2014/09/24 11:57:33 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Roaming\Wondershare
[2014/09/24 11:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2014/09/24 11:54:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Wondershare
[2014/09/24 08:24:43 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Local\Microsoft Corporation
[2014/09/12 23:29:33 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/09/12 23:29:33 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/09/12 23:29:32 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/09/12 23:29:32 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/09/12 23:29:32 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/09/12 23:29:32 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/09/12 23:29:32 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/09/12 23:29:32 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/09/12 23:29:32 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/09/12 23:29:32 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/09/12 23:29:32 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/09/12 23:29:31 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/09/12 23:29:31 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/09/12 23:29:31 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/09/12 23:29:31 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/09/12 23:29:31 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/09/12 23:29:31 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/09/12 23:29:30 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/09/12 23:29:30 | 000,707,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/09/12 23:29:30 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/09/12 23:29:30 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/09/12 23:29:30 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/09/12 23:29:29 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/09/12 23:29:29 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/09/12 23:29:29 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/09/12 23:29:28 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/09/12 23:29:28 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/09/12 23:29:28 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/09/12 23:29:28 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/09/12 23:29:28 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/09/12 23:29:28 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/09/12 23:29:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/09/12 23:29:25 | 005,833,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/09/12 23:29:24 | 002,104,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/09/12 23:29:24 | 002,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/09/12 23:14:51 | 002,777,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014/09/12 23:14:51 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014/09/12 08:15:56 | 001,031,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2014/09/12 08:15:56 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2014/09/12 08:15:36 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/09/12 08:11:40 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/09/12 08:10:55 | 000,578,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/09/12 08:10:52 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/09/09 10:07:32 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDYAK.DLL
[2014/09/09 10:07:32 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDYAK.DLL
[2014/09/09 10:07:32 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTAT.DLL
[2014/09/09 10:07:32 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTAT.DLL
[2014/09/09 10:07:32 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU1.DLL
[2014/09/09 10:07:32 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBASH.DLL
[2014/09/09 10:07:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU1.DLL
[2014/09/09 10:07:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU.DLL
[2014/09/09 10:07:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU.DLL
[2014/09/09 10:07:32 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBASH.DLL
[2014/09/08 11:29:12 | 000,000,000 | ---D | C] -- C:\Users\Philip\Documents\CBS Class Files
[2014/09/06 08:28:43 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Roaming\HPAppData
[2014/09/06 08:27:11 | 000,021,184 | ---- | C] (IObit) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2014/09/06 08:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
[2014/09/06 08:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[2014/09/06 08:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
[2014/09/06 08:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/02 00:24:40 | 000,002,095 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
[2014/10/02 00:24:36 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/01 23:44:43 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/01 22:21:06 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/01 22:21:05 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/01 21:57:05 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/01 21:55:51 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/01 21:54:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/01 21:54:21 | 1408,737,280 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/01 14:42:30 | 000,001,247 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2014/09/29 10:58:42 | 000,799,850 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/29 10:58:42 | 000,674,096 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/29 10:58:42 | 000,127,162 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/27 21:38:15 | 000,053,535 | ---- | M] () -- C:\Users\Philip\Desktop\food stamps.JPG
[2014/09/27 18:42:35 | 000,002,237 | ---- | M] () -- C:\Users\Philip\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/09/27 18:03:01 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/09/27 11:42:17 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/09/27 10:24:49 | 000,044,902 | ---- | M] () -- C:\Users\Philip\Desktop\Kisses.JPG
[2014/09/26 16:33:06 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2014/09/26 16:33:06 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014/09/26 16:33:06 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPhilip.job
[2014/09/26 12:38:07 | 000,006,068 | ---- | M] () -- C:\Users\Philip\Documents\cc_20140926_123745.reg
[2014/09/24 22:08:38 | 000,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2014/09/24 21:40:50 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2014/09/24 13:55:28 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/09/24 13:55:28 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/09/19 09:03:49 | 000,463,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/09/18 14:41:53 | 000,001,055 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/09/12 23:27:48 | 000,791,972 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/09 10:07:32 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDYAK.DLL
[2014/09/09 10:07:32 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDYAK.DLL
[2014/09/09 10:07:32 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTAT.DLL
[2014/09/09 10:07:32 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTAT.DLL
[2014/09/09 10:07:32 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU1.DLL
[2014/09/09 10:07:32 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBASH.DLL
[2014/09/09 10:07:32 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU1.DLL
[2014/09/09 10:07:32 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU.DLL
[2014/09/09 10:07:32 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU.DLL
[2014/09/09 10:07:32 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBASH.DLL
[2014/09/06 08:27:06 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 3.lnk
[2014/09/06 08:27:05 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\IObit Uninstaller.lnk
[2014/09/06 08:20:56 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2014/09/04 22:10:43 | 000,578,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/09/04 22:05:42 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
 
========== Files Created - No Company Name ==========
 
[2014/09/27 21:38:13 | 000,053,535 | ---- | C] () -- C:\Users\Philip\Desktop\food stamps.JPG
[2014/09/27 18:03:00 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/09/27 11:42:17 | 000,002,237 | ---- | C] () -- C:\Users\Philip\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/09/27 11:42:17 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/09/27 11:39:42 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/27 11:39:40 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/27 10:24:37 | 000,044,902 | ---- | C] () -- C:\Users\Philip\Desktop\Kisses.JPG
[2014/09/26 12:38:02 | 000,006,068 | ---- | C] () -- C:\Users\Philip\Documents\cc_20140926_123745.reg
[2014/09/06 08:27:05 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 3.lnk
[2014/09/06 08:27:02 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\IObit Uninstaller.lnk
[2014/09/06 08:26:08 | 000,002,095 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
[2014/09/06 08:20:56 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2014/06/14 09:44:22 | 000,010,540 | ---- | C] () -- C:\Users\Philip\AppData\Local\rx_audio.Cache
[2013/12/08 10:28:08 | 000,000,094 | ---- | C] () -- C:\Users\Philip\AppData\Local\fusioncache.dat
[2013/10/27 15:36:44 | 000,000,000 | ---- | C] () -- C:\Windows\DVEdit.INI
[2013/10/23 09:49:05 | 000,000,030 | ---- | C] () -- C:\Windows\GeoDebug61.ini
[2013/10/23 09:47:00 | 000,000,024 | ---- | C] () -- C:\Windows\ocx_temp.ini
[2013/10/23 09:46:13 | 000,480,256 | ---- | C] () -- C:\Windows\VISCA.dll
[2013/10/23 09:46:13 | 000,253,952 | ---- | C] () -- C:\Windows\JxIni.dll
[2013/10/23 09:46:13 | 000,211,968 | ---- | C] ( ) -- C:\Windows\GV_AccessIni_Memory.dll
[2013/10/23 09:46:12 | 000,243,200 | ---- | C] () -- C:\Windows\GV_GeoPTZini.dll
[2013/05/20 07:06:55 | 000,000,000 | ---- | C] () -- C:\ProgramData\38213a382622542039_c
[2013/05/17 14:35:23 | 000,207,062 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2013/05/17 14:35:23 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2013/05/07 13:42:37 | 000,000,132 | ---- | C] () -- C:\Windows\wininit.ini
[2013/04/26 16:53:44 | 000,000,258 | RHS- | C] () -- C:\Users\Philip\ntuser.pol
[2013/04/20 20:25:06 | 001,756,336 | ---- | C] () -- C:\Users\Philip\AppData\Local\rx_image.Cache
[2013/04/05 11:44:07 | 000,004,096 | -H-- | C] () -- C:\Users\Philip\AppData\Local\keyfile3.drm
[2013/03/30 14:18:16 | 000,206,946 | ---- | C] () -- C:\Windows\hpoins46.dat
[2013/03/17 18:36:52 | 000,165,027 | ---- | C] () -- C:\Windows\hpoins13.dat
[2013/03/17 18:36:52 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat
[2013/03/16 14:57:08 | 000,014,848 | ---- | C] () -- C:\Users\Philip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/15 17:23:04 | 000,124,264 | R--- | C] () -- C:\Windows\SysWow64\mp3dec.dll
[2013/03/15 17:23:04 | 000,081,920 | R--- | C] () -- C:\Windows\SysWow64\dsp_trc.dll
[2013/03/15 17:23:04 | 000,010,600 | R--- | C] () -- C:\Windows\SysWow64\IcdSptSvps.dll
[2013/03/14 18:30:59 | 000,000,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2013/03/14 14:29:28 | 000,791,972 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Philip\Documents\Untitled2.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Philip\Documents\Garmin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Philip\Documents\Fax:Roxio EMC Stream
@Alternate Data Stream - 364 bytes -> C:\ProgramData\Temp:F2721624
 
< End of report >
 

  • 0

Advertisements


#2
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Very sorry that it has taken so long to respond to your request.

Occasionally we get very, very busy and that is the case now.

However, I do have time and desire. :)

Do you still need help or have you resolved your issue?


  • 0

#3
pnavce

pnavce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

The issues are still there, especially the trying to force my browser through a proxy which I don't use (have to change settings every time I restart my PC. It is also still slow. Going to bed will check back tomorrow.


  • 0

#4
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi,

 

Ok, let's get to work. :)

 

You've got a lot going on here (all fixable), but I'm going to take it in pieces. Just to address your initial concerns of the browser and the Proxy, yes I see it. Make sure you've got all your Bookmarks backed up before you start my fixes.

 

You have a significat amount of infections and issues with IE, FF and Chrome. I'm going to try and solve these Browser issues gently, but I may have to come back and write a custom fix to remove the bad lines.

 

Let's try a reset of each first. Let's just reset IE first. These instructions may not be exactly correct, but it should get you close and I think you can intuit the remainder.

 

I don't want to potentially break all your Browsers, so let's leave Chrome and FF for next time.

 

To reset Internet Explorer settings
■Close all Internet Explorer and Windows Explorer windows that are currently open.
■Reopen Internet Explorer.
■Click the Tools button, and then click Internet options.
■Click the Advanced tab, and then click Reset. ...
■In the Reset Internet Explorer Settings dialog box, click Reset.

 

Reboot the machine and see if IE works and doesn't bug you about the Proxy. Let me know and regardless, continue with the OTL fix.

 

51a5d669693dd-icon_OTL.png Fix with OTL

Please re-run OTL with this removal script included.



icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

  • Right-click on 51a5d669693dd-icon_OTL.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
    :COMMANDS
    
    [SETRESTOREPOINT]
    
    :OTL
    
    O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
    
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4153492D-4700-A76A-76A7-7A786E7484D7} - No CLSID value found.
    
    O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
    
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
    
    O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
    
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
    
    O1364bit: - gopher Prefix: missing
    
    O13 - gopher Prefix: missing
    
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) -  File not found
    
    O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) -  File not found
    
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    
    :COMMANDS
    
    [RESETHOSTS]
    
    [EMPTYTEMP]
    
    [REBOOT]
  • Push Run Fix and wait patiently.
  • If asked to reboot, please allow it to.
  • A notepad window with a logfile will open after this run. It will be also saved in _OTL\MovedFiles directory on your main drive as (date)_(time).log.

Please include the content of this logfile in your next reply.

 

 

adwcleaner_new.png Scan with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your desktop.
 
  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R*].txt) will open.
 
Please include the contents of that file in your reply.

 

JRTbythisisu.png Fix with Junkware Removal Tool
 
Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
 
  • Right-click on JRTbythisisu.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
 
Please include the contents of that file in your reply.
 
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.

 

51a612a8b27e2-Zoek.png Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.



  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    
    process;
    
    services-list;
    
    systemspecs;
    
    startupall;
    
    skipfix-iedefaults;
    
    firefoxlook;
    
    chromelook;
    
    filesrcm;
    
    installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

 

While I'm working through the logs that you post back for me, be thinking about the following. You have MBAM, Norton and IOBIT installed and running on your machine. Individually, each consumes quite a bit of system resources. Imagine what all three are doing. My suggestion (and it's only a suggestion) is to uninstall MBAM and run it "on-demand"  (a couple of times a month). There's very little upside to having it installed. I feel the same about IOBIT/Registry Cleaners.  Have a read here http://miekiemoes.bl...weaking_13.html. Norton...slow, cumbersome, expensive. Maybe, with MBAM and IOBIT gone, the machine will do ok with Norton. I know you paid for it and you want to get your money's worth, however, for an a/v, Defender (free) and Avast (free) do as good or better a job and they don't hog system resources.

Ok, that's my opinion. Let me know your thoughts.


  • 0

#5
pnavce

pnavce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

OK, yesterday gone all day- I had done a couple of things while waiting for your first response. So I will be posting a little extra this time, just to ensure you see all that is going on.

OTL log (10092014_071320.log) (Oct 9th)

ADW log from Oct 4th (I think)

ADW log from Oct 9th (after the OTL script run)

JRT log from Oct 4th (I think)

JRT log from Oct 9th (after the OTL script run)

ZOEK-result

 

I have wondered about all those programs running at the same time but didn't have crashes or blue screens so I figured live with the slow. Then that got beyond my patience so I found you guys. Now I agree, I will leave Norton on, get rid of MBAM and IOBIT. But will take your advice and run MBAM once a month for safety sake. Will be installing Defender and Avast. If Norton should also be removed then I will as the money is not the problem - it is all the time wasted waiting for a slow machine.

 

(OTL today)

All processes killed
========== COMMANDS ==========
Error: Unable to interpret <[SETRESTOREPOINT]> in the current context!
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4153492D-4700-A76A-76A7-7A786E7484D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4153492D-4700-A76A-76A7-7A786E7484D7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: dub_cm_auto
 
User: Philip
->Temp folder emptied: 485819209 bytes
->Temporary Internet Files folder emptied: 29102962 bytes
->Java cache emptied: 23189065 bytes
->FireFox cache emptied: 14923168 bytes
->Google Chrome cache emptied: 89195437 bytes
->Flash cache emptied: 68631 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9348453 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42289467 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 662.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10092014_071320

Files\Folders moved on Reboot...
C:\Users\Philip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PQGRFU15\cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw[1].woff moved successfully.
C:\Users\Philip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PQGRFU15\k3k702ZOKiLJc3WVjuplzHhCUOGz7vYGh680lGh-uXM[1].woff moved successfully.
C:\Users\Philip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PQGRFU15\PRmiXeptR36kaC0GEAetxjqR_3kx9_hJXbbyU8S6IN0[1].woff moved successfully.
C:\Users\Philip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PQGRFU15\search[1].htm moved successfully.
C:\Users\Philip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PQGRFU15\xjAJXh38I15wypJXxuGMBobN6UDyHWBl620a-IRfuBk[1].woff moved successfully.
C:\Users\Philip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BP85JYEY\343964-win7-extremely-slow[1].htm moved successfully.
C:\Users\Philip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Philip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Philip\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

 

(1st ADW run Oct 4th))

# AdwCleaner v3.311 - Report created 03/10/2014 at 14:04:38
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Philip - PHILIP-HP
# Running from : C:\Users\Philip\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Philip\AppData\Local\Conduit
Folder Deleted : C:\Users\Philip\AppData\Local\Slick Savings
Folder Deleted : C:\Users\Philip\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Philip\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Philip\AppData\Roaming\HPAppData
Folder Deleted : C:\Users\Philip\AppData\Roaming\Strongvault
Folder Deleted : C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default\Smartbar
Folder Deleted : C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen
Folder Deleted : C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb
File Deleted : C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi
File Deleted : C:\Users\Philip\AppData\Local\CRE\jnidgldcbakaidffpjinopjbmobecifb.crx
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : RocketTab Update Task
Task Deleted : RocketTab
Task Deleted : Update Service YourFileDownloader

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKCU\Software\Google\Chrome\Extensions\jnidgldcbakaidffpjinopjbmobecifb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jnidgldcbakaidffpjinopjbmobecifb
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\supreme savings-bg_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\supreme savings-bg_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\RocketTabInstalled
Key Deleted : HKCU\Software\Search Extensions
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\RocketTab
Key Deleted : HKLM\SOFTWARE\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RocketTab
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default\prefs.js ]

Line Deleted : user_pref("CT3268934.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3268934.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM (Cou...\",\"description\":\"1.FM (Country)\",\"url\":\"hxxp://1.fm/wm/energycountry32k.asx\"}");
Line Deleted : user_pref("CT3268934.1000234.TWC_TMP_city", "OCALA");
Line Deleted : user_pref("CT3268934.1000234.TWC_TMP_country", "US");
Line Deleted : user_pref("CT3268934.1000234.TWC_country", "UNITED STATES");
Line Deleted : user_pref("CT3268934.1000234.TWC_locId", "USFL0355");
Line Deleted : user_pref("CT3268934.1000234.TWC_location", "Ocala, FL");
Line Deleted : user_pref("CT3268934.1000234.TWC_region", "US");
Line Deleted : user_pref("CT3268934.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT3268934.1000234.TWC_wind_dis", "mph");
Line Deleted : user_pref("CT3268934.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3268934.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3268934.FF19Solved", "true");
Line Deleted : user_pref("CT3268934.FirstTime", "true");
Line Deleted : user_pref("CT3268934.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3268934.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3268934.SF_JUST_INSTALLED", "%CC%C7%D2%D9%CB");
Line Deleted : user_pref("CT3268934.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3268934.SF_STATUS", "%CB%D4%C7%C8%D2%CB%CA");
Line Deleted : user_pref("CT3268934.SF_STATUS.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT3268934.SF_USER_ID", "%E9%EF%EA%E5%B8%BF%B7%B8%B6%B7%BA%B7%BC%BA%BA%BE%BC%BB%BB%BD%B6%B7%B7");
Line Deleted : user_pref("CT3268934.SF_USER_ID.enc", "Y2lkXzI5MTIwMTQxNjQ0ODY1NTcwMTE=");
Line Deleted : user_pref("CT3268934.UserID", "UN22405539101977167");
Line Deleted : user_pref("CT3268934._key_cl_active", "%EA%BB%BA%BF%BE%BB%BC%B8%B3%EB%B6%B7%BA%B3%BA%B9%EC%E8%B3%BF%BC%BC%E8%B3%E7%EB%B8%E8%B9%B8%E7%BD%B6%EB%BC%EC");
Line Deleted : user_pref("CT3268934._key_cl_active.enc", "ZDU0OTg1NjItZTAxNC00M2ZiLTk2NmItYWUyYjMyYTcwZTZm");
Line Deleted : user_pref("CT3268934._key_edilia__uID", "%BA%EC%BC%BF%BE%B6%BD%BC%B3%BC%E7%BC%B7%B3%BA%BC%BE%BC%B3%E8%BF%BC%EC%B3%EC%BB%BE%E9%EA%BD%BB%E7%BA%BF%BF%EA");
Line Deleted : user_pref("CT3268934._key_edilia__uID.enc", "NGY2OTgwNzYtNmE2MS00Njg2LWI5NmYtZjU4Y2Q3NWE0OTlk");
Line Deleted : user_pref("CT3268934.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3268934.autoDisableScopes", -1);
Line Deleted : user_pref("CT3268934.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3268934.cbfirsttime", "%DD%EB%EA%A6%D0%E7%F4%A6%B8%BF%A6%B8%B6%B7%BA%A6%B7%BC%C0%BA%B9%C0%BA%BF%A6%CD%D3%DA%B3%B6%BB%B6%B6%A6%AE%CB%E7%F9%FA%EB%F8%F4%A6%D9%FA%E7%F4%EA%E7%F8%EA%A6%DA%EF%F[...]
Line Deleted : user_pref("CT3268934.cbfirsttime.enc", "V2VkIEphbiAyOSAyMDE0IDE2OjQzOjQ5IEdNVC0wNTAwIChFYXN0ZXJuIFN0YW5kYXJkIFRpbWUp");
Line Deleted : user_pref("CT3268934.defaultSearch", "true");
Line Deleted : user_pref("CT3268934.embeddedsData", "[{\"appId\":\"129991104031171027\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3268934.enableAlerts", "true");
Line Deleted : user_pref("CT3268934.enableFix404ByUser", "TRUE");
Line Deleted : user_pref("CT3268934.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3268934.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3268934.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3268934.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3268934.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3268934.fixUrls", true);
Line Deleted : user_pref("CT3268934.installDate", "4/6/2013 19:21:49");
Line Deleted : user_pref("CT3268934.installId", "conduitinstaller.exe");
Line Deleted : user_pref("CT3268934.installSessionId", "-1");
Line Deleted : user_pref("CT3268934.installSp", "TRUE");
Line Deleted : user_pref("CT3268934.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3268934.installUsage", "2014-01-30T00:42:58.1443109+03:00");
Line Deleted : user_pref("CT3268934.installUsageEarly", "2014-01-30T00:42:55.8354517+03:00");
Line Deleted : user_pref("CT3268934.installerVersion", "1.4.2.3");
Line Deleted : user_pref("CT3268934.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3268934.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3268934.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3268934.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3268934.keyword", "true");
Line Deleted : user_pref("CT3268934.lastVersion", "10.16.2.9");
Line Deleted : user_pref("CT3268934.mam_gk_appStateReportTime", "%B7%BA%B6%BE%BF%B6%B6%BF%BB%BA%BC%B6%B9");
Line Deleted : user_pref("CT3268934.mam_gk_appStateReportTime.enc", "MTQwODkwMDk1NDYwMw==");
Line Deleted : user_pref("CT3268934.mam_gk_appState_Clarity_Active", "%F5%F4");
Line Deleted : user_pref("CT3268934.mam_gk_appState_Clarity_Active.enc", "b24=");
Line Deleted : user_pref("CT3268934.mam_gk_appState_CouponBuddy", "%F5%F4");
Line Deleted : user_pref("CT3268934.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Deleted : user_pref("CT3268934.mam_gk_appState_Discover", "%F5%F4");
Line Deleted : user_pref("CT3268934.mam_gk_appState_Discover.enc", "b24=");
Line Deleted : user_pref("CT3268934.mam_gk_appState_Easytobook", "%F5%F4");
Line Deleted : user_pref("CT3268934.mam_gk_appState_Easytobook.enc", "b24=");
Line Deleted : user_pref("CT3268934.mam_gk_appState_Easytobook_targeted", "%F5%F4");
Line Deleted : user_pref("CT3268934.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Deleted : user_pref("CT3268934.mam_gk_appState_Find-a-Pro", "%F5%F4");
Line Deleted : user_pref("CT3268934.mam_gk_appState_Find-a-Pro.enc", "b24=");
Line Deleted : user_pref("CT3268934.mam_gk_appState_PriceGong", "%F5%F4");
Line Deleted : user_pref("CT3268934.mam_gk_appState_PriceGong.enc", "b24=");
Line Deleted : user_pref("CT3268934.mam_gk_appState_WindowShopper", "%F5%F4");
Line Deleted : user_pref("CT3268934.mam_gk_appState_WindowShopper.enc", "b24=");
Line Deleted : user_pref("CT3268934.mam_gk_appState_app13", "%F5%F4");
Line Deleted : user_pref("CT3268934.mam_gk_appState_app13.enc", "b24=");
Line Deleted : user_pref("CT3268934.mam_gk_appsConfig.enc", "eyJBcHBzQ29uZmlndXJhdGlvbiI6W3siaWQiOiJFYXN5dG9ib29rX3RhcmdldGVkIiwidXJsIjoiaHR0cDovL2NvbmQwMS5ldGJ4bWwuY29tL2NvbmR1aXRfYnVuZGxlL3dlYi9jaGVhcC5odG1sIiwic2[...]
Line Deleted : user_pref("CT3268934.mam_gk_appsDefaultEnabled", "%F4%FB%F2%F2");
Line Deleted : user_pref("CT3268934.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Deleted : user_pref("CT3268934.mam_gk_calledSetupService", "%B7");
Line Deleted : user_pref("CT3268934.mam_gk_calledSetupService.enc", "MQ==");
Line Deleted : user_pref("CT3268934.mam_gk_currentBadgeValue", "%B8");
Line Deleted : user_pref("CT3268934.mam_gk_currentBadgeValue.enc", "Mg==");
Line Deleted : user_pref("CT3268934.mam_gk_currentVersion", "%B7%B4%B7%B9%B4%B6%B4%B7%BD");
Line Deleted : user_pref("CT3268934.mam_gk_currentVersion.enc", "MS4xMy4wLjE3");
Line Deleted : user_pref("CT3268934.mam_gk_eventsCache", "ā%A8%EB%E7%E8%E7%E8%BC%B7%BF%B3%BD%E7%BC%E7%B3%BA%B6%EA%BC%B3%E7%BB%EC%B8%B3%BE%EC%BD%E8%EB%B9%B7%B6%B6%EB%BE%EB%A8%C0ā%A8%FA%F5%F6%EF%E9%A8%C0%A8%[...]
Line Deleted : user_pref("CT3268934.mam_gk_eventsCache.enc", "eyJlYWJhYjYxOS03YTZhLTQwZDYtYTVmMi04ZjdiZTMxMDBlOGUiOnsidG9waWMiOiJjcmVhdGVBcHAiLCJkYXRhIjp7ImlkIjoiVXBkYXRlZF9wcml2YWN5X3BvbGljeSIsInNldHRpbmdzIjp7Im5hb[...]
Line Deleted : user_pref("CT3268934.mam_gk_existingUsersRecoveryDone", "%B7");
Line Deleted : user_pref("CT3268934.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Deleted : user_pref("CT3268934.mam_gk_first_time", "%B7");
Line Deleted : user_pref("CT3268934.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3268934.mam_gk_lastLoginTime", "%B7%BA%B6%BE%BF%B6%B6%BF%BB%BA%BF%B6%BB");
Line Deleted : user_pref("CT3268934.mam_gk_lastLoginTime.enc", "MTQwODkwMDk1NDkwNQ==");
Line Deleted : user_pref("CT3268934.mam_gk_localization.enc", "eyJkaWFsb2dPSyI6eyJUZXh0IjoiT0sifSwiZG1ib3gxIjp7IlRleHQiOiJEZWFsXHJcbm9mIHRoZSBkYXkifSwiZG1ib3gyIjp7IlRleHQiOiJGcmVlXHJcblNoaXBtZW50In0sImRtYnVsbGV0MSI6[...]
Line Deleted : user_pref("CT3268934.mam_gk_mamEnabled", "%FA%F8%FB%EB");
Line Deleted : user_pref("CT3268934.mam_gk_mamEnabled.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3268934.mam_gk_newApps", "%E1ā%A8%EF%EA%A8%C0%A8%D4%EB%FA%F9%EB%EB%F8%A8%B2%A8%F4%E7%F3%EB%A8%C0%A8%D4%EB%FA%F9%EB%EB%F8%A8%B2%A8%EA%EB%F9%E9%F8%EF%F6%FA%EF%F5%F4%A8%C0%A8%D4%EB%FA%F[...]
Line Deleted : user_pref("CT3268934.mam_gk_newApps.enc", "W3siaWQiOiJOZXRzZWVyIiwibmFtZSI6Ik5ldHNlZXIiLCJkZXNjcmlwdGlvbiI6Ik5ldHNlZXIgaXMgYSBkYXRhIGRyaXZlbiBtYXJrZXRpbmcgY29tcGFueSB3aGljaCBwcm92aWRlcyB5b3Ugd2l0aCBhZ[...]
Line Deleted : user_pref("CT3268934.mam_gk_new_welcome_experience", "%B7");
Line Deleted : user_pref("CT3268934.mam_gk_new_welcome_experience.enc", "MQ==");
Line Deleted : user_pref("CT3268934.mam_gk_pgUnloadedOnce", "%FA%F8%FB%EB");
Line Deleted : user_pref("CT3268934.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3268934.mam_gk_settings1.12.0.5", "ā%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0ā%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%FA%EB%A8%C0%A8%B8%B6%B7%B[...]
Line Deleted : user_pref("CT3268934.mam_gk_settings1.12.0.5.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxNDAxMzAiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjcwXzAiLCJSVEsiOiJINHNJQUFBQUFBQUVBT3k5QjJB[...]
Line Deleted : user_pref("CT3268934.mam_gk_settings1.13.0.17", "ā%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0ā%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%FA%EB%A8%C0%A8%B8%B6%B7%[...]
Line Deleted : user_pref("CT3268934.mam_gk_settings1.13.0.17.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxNDA4MjQiLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjEwNDNfMCIsIlJUSyI6IiIsImlzVGVzdCI6dHJ1ZSw[...]
Line Deleted : user_pref("CT3268934.mam_gk_showWelcomeGadget", "%EC%E7%F2%F9%EB");
Line Deleted : user_pref("CT3268934.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3268934.mam_gk_stamp", "%B7%B6%BA%B9%E5%B6");
Line Deleted : user_pref("CT3268934.mam_gk_stamp.enc", "MTA0M18w");
Line Deleted : user_pref("CT3268934.mam_gk_userBornDate", "%D4%B5%C7");
Line Deleted : user_pref("CT3268934.mam_gk_userBornDate.enc", "Ti9B");
Line Deleted : user_pref("CT3268934.mam_gk_userId", "%E9%BF%B7%EA%BE%BC%BE%E8%B3%BF%BD%B6%EA%B3%BA%B8%EA%B8%B3%BF%EA%EC%EC%B3%E9%BA%B6%EB%BD%BD%EC%E9%BF%B6%EA%E9");
Line Deleted : user_pref("CT3268934.mam_gk_userId.enc", "YzkxZDg2OGItOTcwZC00MmQyLTlkZmYtYzQwZTc3ZmM5MGRj");
Line Deleted : user_pref("CT3268934.mam_gk_user_approval_interacted", "%B7");
Line Deleted : user_pref("CT3268934.mam_gk_user_approval_interacted.enc", "MQ==");
Line Deleted : user_pref("CT3268934.mam_gk_welcomeDialogMode", "%B7");
Line Deleted : user_pref("CT3268934.mam_gk_welcomeDialogMode.enc", "MQ==");
Line Deleted : user_pref("CT3268934.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3268934.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fbanner.lssc.edu%2Fprod%2Ftwbkwbis.P_Logout\",\"EB_MAIN_FRAME_TITLE\":\"User%20Logout%20\",\"EB_SEARCH_TERM\":\"\",\[...]
Line Deleted : user_pref("CT3268934.openThankYouPage", "false");
Line Deleted : user_pref("CT3268934.openUninstallPage", "true");
Line Deleted : user_pref("CT3268934.originalHomepage", "hxxp://search.yahoo.com?type=937811&fr=spigot-yhp-ff");
Line Deleted : user_pref("CT3268934.originalSearchAddressUrl", "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p=");
Line Deleted : user_pref("CT3268934.originalSearchEngine", "Yahoo");
Line Deleted : user_pref("CT3268934.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3268934.rematchGround.upstairs", "ā%A8%EE%FA%FA%F6%C0%B5%B5%EC%E7%F9%FA%E9%F5%F4%FA%EB%F4%FA%B4%E9%F5%F4%EA%FB%EF%FA%B4%E9%F5%F3%B5%EA%F5%FD%F4%F2%F5%E7%EA%E5%F5%EC%EC%EB%F8%F9%B4%EE[...]
Line Deleted : user_pref("CT3268934.rematchGround.upstairs.enc", "eyJodHRwOi8vZmFzdGNvbnRlbnQuY29uZHVpdC5jb20vZG93bmxvYWRfb2ZmZXJzLmh0bWw/Y3RpZD1DVDMyNjg5MzR+YjEwNDN+YzAmaXNtYW5hZ2VkPXRydWUiOjEzOTI2ODk0MDIxMDZ9");
Line Deleted : user_pref("CT3268934.rematchagent-is-test-user", "%EC%E7%F2%F9%EB");
Line Deleted : user_pref("CT3268934.rematchagent-is-test-user.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3268934.rematchagent-matkot-user-id", "%A8%B7%B9%BF%B8%BC%BE%BF%BA%B8%BB%BF%BF%BA%BB%BA%B8%B9%BA%BB%BC%A8");
Line Deleted : user_pref("CT3268934.rematchagent-matkot-user-id.enc", "IjEzOTI2ODk0MjU5OTQ1NDIzNDU2Ig==");
Line Deleted : user_pref("CT3268934.rematchagent-periodic-reports", "ā%A8%F6%EF%F4%ED%E5%B6%A8%C0%E1%B7%B9%BF%B8%BC%BE%BF%B9%BD%BE%BF%B7%BC%B2%B7%BA%BA%B6%B6%B6%B6%B6%E3ă");
Line Deleted : user_pref("CT3268934.rematchagent-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzkyNjg5Mzc4OTE2LDE0NDAwMDAwXX0=");
Line Deleted : user_pref("CT3268934.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3268934.search.searchAppId", "129991104031171027");
Line Deleted : user_pref("CT3268934.search.searchCount", "0");
Line Deleted : user_pref("CT3268934.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3268934.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3268934.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3268934.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3268934.searchRevert", "false");
Line Deleted : user_pref("CT3268934.searchUserMode", "2");
Line Deleted : user_pref("CT3268934.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3268934.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3268934.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3268934.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3268934\"}");
Line Deleted : user_pref("CT3268934.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://Vgrabberv11.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3268934.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Vgrabber v1\"}");
Line Deleted : user_pref("CT3268934.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3268934.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1408901064863");
Line Deleted : user_pref("CT3268934.serviceLayer_services_appsMetadata_lastUpdate", "1408900949485");
Line Deleted : user_pref("CT3268934.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1408901064897");
Line Deleted : user_pref("CT3268934.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1391031779474");
Line Deleted : user_pref("CT3268934.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1391031782915");
Line Deleted : user_pref("CT3268934.serviceLayer_services_location_lastUpdate", "1408901065433");
Line Deleted : user_pref("CT3268934.serviceLayer_services_login_10.16.2.9_lastUpdate", "1408901064815");
Line Deleted : user_pref("CT3268934.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1408901064927");
Line Deleted : user_pref("CT3268934.serviceLayer_services_searchAPI_lastUpdate", "1408901065510");
Line Deleted : user_pref("CT3268934.serviceLayer_services_serviceMap_lastUpdate", "1408901064798");
Line Deleted : user_pref("CT3268934.serviceLayer_services_toolbarContextMenu_lastUpdate", "1408901064871");
Line Deleted : user_pref("CT3268934.serviceLayer_services_toolbarSettings_lastUpdate", "1408900949657");
Line Deleted : user_pref("CT3268934.serviceLayer_services_translation_lastUpdate", "1408901064768");
Line Deleted : user_pref("CT3268934.settingsINI", true);
Line Deleted : user_pref("CT3268934.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3268934.showToolbarPermission", "false");
Line Deleted : user_pref("CT3268934.smartbar.CTID", "CT3268934");
Line Deleted : user_pref("CT3268934.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3268934.smartbar.homepage", "true");
Line Deleted : user_pref("CT3268934.smartbar.toolbarName", "Vgrabber v1 ");
Line Deleted : user_pref("CT3268934.startPage", "true");
Line Deleted : user_pref("CT3268934.toolbarBornServerTime", "30-1-2014");
Line Deleted : user_pref("CT3268934.toolbarCurrentServerTime", "24-8-2014");
Line Deleted : user_pref("CT3268934.toolbarLoginClientTime", "Wed Jan 29 2014 16:43:02 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3268934.versionFromInstaller", "10.16.2.9");
Line Deleted : user_pref("CT3268934_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1409343490271,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3268934");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Vgrabber v1 Customized Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.only-search.com/?babsrc=HP_kms&affID=129428&tt=020914_onst&mntrid=345900FFFF1FF7EB&tsp=5362");
Line Deleted : user_pref("extensions.searchads.insertDomains", "{\"www.only-search.com\":1}");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3268934");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3268934&CUI=UN22405539101977167&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3268934&octid=CT3268934&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268934&SearchSource=2&CUI=UN22405539101977167&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3268934");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3268934");
Line Deleted : user_pref("smartbar.machineId", "QV9F2/B/U6QALKVQGMC/FRE4TBBWN9X0IM5SJHKNTKKTLQ/N45OCSA5CLTQYS7DYAAAONUZDZX0VST5VUAGXVA");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3268934&CUI=UN22405539101977167&UM=2&SearchSource=13");
Line Deleted : user_pref("startpage.ntsearch_url", "hxxps://search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=937811&p={searchTerms}");

-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN23242531695711164&ctid=CT3268935&UM=2
Deleted [Search Provider] : hxxp://asksearch.ask.com/redirect?client=cr&src=kw&tb=BCPA1&o=APN10474&itbv=11.8.1.231&doi=2013-05-02&locale=en_US&apn_uid=3D50ECDE-69AE-4A94-92B8-AD88BE5175A5&apn_ptnrs=^AKZ&apn_dtid=^YYYYYY^YY^US&apn_dbr=cr_26.0.1410.64&&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN23242531695711164&ctid=CT3268935&UM=2&UP=SP7E908C67-2783-46BB-96B2-A470C77F0B59&SSPV=
Deleted [Search Provider] : hxxp://www.only-search.com/?babsrc=SP_kms&affID=129428&tt=020914_onst&mntrid=345900FFFF1FF7EB&tsp=5362&q={searchTerms}
Deleted [Search Provider] : hxxp://search.v9.com/web/?type=dspp&ts=1403629024&from=tugs&uid=ST9250410AS_5VG4BEWZ&i=psd&t=344a0cac1&q={searchTerms}
Deleted [Search Provider] : hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=pb2&t=c0120&sp=addr&q={searchTerms}

*************************

AdwCleaner[R0].txt - [26446 octets] - [03/10/2014 13:59:19]
AdwCleaner[S0].txt - [27820 octets] - [03/10/2014 14:04:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [27881 octets] ##########

 

 

(Second ADW Oct 9th)

# AdwCleaner v3.311 - Report created 09/10/2014 at 07:49:02
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Philip - PHILIP-HP
# Running from : C:\Users\Philip\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\GreenTree Applications

***** [ Scheduled Tasks ] *****

Task Deleted : RocketTab Update Task
Task Deleted : RocketTab

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\RocketTabInstalled
Key Deleted : HKCU\Software\Search Extensions
Key Deleted : HKLM\SOFTWARE\RocketTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RocketTab

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.only-search.com/?babsrc=HP_kms&affID=129428&tt=020914_onst&mntrid=345900FFFF1FF7EB&tsp=5362");

-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.only-search.com/?babsrc=SP_kms&affID=129428&tt=020914_onst&mntrid=345900FFFF1FF7EB&tsp=5362&q={searchTerms}
Deleted [Search Provider] : hxxp://search.v9.com/web/?type=dspp&ts=1403629024&from=tugs&uid=ST9250410AS_5VG4BEWZ&i=psd&t=344a0cac1&q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN23242531695711164&ctid=CT3268935&UM=2
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://asksearch.ask.com/redirect?client=cr&src=kw&tb=BCPA1&o=APN10474&itbv=11.8.1.231&doi=2013-05-02&locale=en_US&apn_uid=3D50ECDE-69AE-4A94-92B8-AD88BE5175A5&apn_ptnrs=^AKZ&apn_dtid=^YYYYYY^YY^US&apn_dbr=cr_26.0.1410.64&&q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=pb2&t=c0120&sp=addr&q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN23242531695711164&ctid=CT3268935&UM=2&UP=SP7E908C67-2783-46BB-96B2-A470C77F0B59&SSPV=

*************************

AdwCleaner[R0].txt - [26446 octets] - [03/10/2014 13:59:19]
AdwCleaner[R1].txt - [3071 octets] - [09/10/2014 07:42:15]
AdwCleaner[S0].txt - [27978 octets] - [03/10/2014 14:04:38]
AdwCleaner[S1].txt - [2821 octets] - [09/10/2014 07:49:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2881 octets] ##########

 

 

(First JRT run Oct 4th)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.7 (10.03.2014:1)
OS: Windows 7 Home Premium x64
Ran by Philip on Fri 10/03/2014 at 14:21:59.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-639460975-812874640-734877944-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnpip_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnpip_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LCTaskAssistant9_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LCTaskAssistant9_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\apnpip_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\apnpip_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LCTaskAssistant9_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LCTaskAssistant9_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D24C2116-C3A1-4C23-AB0D-48592409E429}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E036A19D-ADDA-4EDB-A48C-6EB3B5C33BCC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{AC4E08EF-2183-450E-B346-D4163BA55119}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Philip\appdata\local\cre"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Failed to delete: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

 

~~~ FireFox

Successfully deleted the following from C:\Users\Philip\AppData\Roaming\mozilla\firefox\profiles\ztmfvorq.default\prefs.js

user_pref("browser.startup.homepage", "hxxp://www.only-search.com/?babsrc=HP_kms&affID=129428&tt=020914_onst&mntrid=345900FFFF1FF7EB&tsp=5362");

 

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Philip\appdata\local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/03/2014 at 14:50:34.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

(Second JRT run Oct 9th)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Home Premium x64
Ran by Philip on Thu 10/09/2014 at  8:04:54.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-639460975-812874640-734877944-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E036A19D-ADDA-4EDB-A48C-6EB3B5C33BCC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E9004766-02D9-486D-9039-AC1A3A664D31}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E9004766-02D9-486D-9039-AC1A3A664D31}

 

~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\DRIVERBOOSTER.EXE-51D78DCC.pf
Successfully deleted: [File] "C:\Windows\wininit.ini"

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Program Files (x86)\search extensions"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Folder] "C:\ai_recyclebin"

 

~~~ FireFox

Successfully deleted the following from C:\Users\Philip\AppData\Roaming\mozilla\firefox\profiles\ztmfvorq.default\prefs.js

user_pref("browser.startup.homepage", "hxxp://www.only-search.com/?babsrc=HP_kms&affID=129428&tt=020914_onst&mntrid=345900FFFF1FF7EB&tsp=5362");

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/09/2014 at  8:39:10.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

(Oct 9th - ZOEK run)

Zoek.exe v5.0.0.0 Updated 07-October-2014
Tool run by Philip on Thu 10/09/2014 at  9:00:52.31.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Philip\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10/9/2014 9:04:00 AM Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

64 Bit HP CIO Components Installer 
7-Zip 9.20 (x64 edition) 
Adobe AIR 
Adobe Flash Player 15 ActiveX 
Adobe Flash Player 15 Plugin 
Adobe Reader XI (11.0.09) 
Advanced SystemCare 7 
AIO_Scan 
ANT Drivers Installer x64 
Apple Application Support 
Apple Mobile Device Support 
Apple Software Update 
ArcSoft Print Creations - Album Page 
ArcSoft Print Creations - Funhouse 
ArcSoft Print Creations - Greeting Card 
ArcSoft Print Creations - Photo Book 
ArcSoft Print Creations - Photo Calendar 
ArcSoft Print Creations - Scrapbook 
ArcSoft Print Creations - Slimline Card 
ArcSoft Print Creations 
Audacity 2.0.6 
BufferChm 
C4200 
c4200_Help 
CCleaner 
CCScore 
Copy 
CyberLink DVD Suite Deluxe 
D110 
D3DX10 
Destinations 
DeviceDiscovery 
Digital Voice Editor 3 
DocProc 
Dropbox 
DVD Menu Pack for HP MediaSmart Video 
Elevated Installer 
ESSBrwr 
ESSCDBK 
ESScore 
ESSgui 
ESSini 
ESSPCD 
ESSPDock 
ESSTOOLS 
essvatgt 
fflink 
Free PDF Solutions PDF to WORD version 1.0 
Garmin Express 
Garmin Express Tray 
GeoVision ADPCM 
GeoVision Audio 
GeoVision H264 
GeoVision JPEG 
GeoVision MJPG 
GeoVision MPEG4 
GeoVision MPEG4 ASP 
GeoVision MPEG4 AVC 
GeoVision MXPG 
Google Chrome 
Google Update Helper 
GPBaseService2 
GPL Ghostscript 
HP Advisor 
HP Customer Experience Enhancements 
HP Customer Participation Program 14.0 
HP Imaging Device Functions 14.0 
HP MediaSmart CinemaNow 2.0 
HP MediaSmart DVD 
HP MediaSmart Music 
HP MediaSmart Photo 
HP MediaSmart SmartMenu 
HP MediaSmart/TouchSmart Netflix 
HP Odometer 
HP Photo Creations 
HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1 
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 
HP Photosmart Essential 3.5 
HP Setup 
HP Smart Web Printing 4.60 
HP Solution Center 14.0 
HP Support Information 
HP Update 
HP Vision Hardware Diagnostics 
HPAppStudio 
HPDiagnosticAlert 
HPPhotoGadget 
HPPhotoSmartDiscLabelContent1 
HPPhotosmartEssential 
HPProductAssistant 
IObit Malware Fighter 
IObit Uninstaller 
Java 7 Update 67 
Java Auto Updater 
Junk Mail filter update 
kgcbaby 
kgchday 
kgchlwn 
kgcinvt 
kgckids 
kgcmove 
kgcvday 
Kodak EasyShare software 
LabelPrint 
LightScribe System Software 
Malwarebytes Anti-Malware version 2.0.2.1012 
MarketResearch 
Mesh Runtime 
Messenger Companion 
Microsoft .NET Framework 1.1 
Microsoft .NET Framework 4.5.1 
Microsoft Application Error Reporting 
Microsoft Office 2007 Service Pack 3 (SP3) 
Microsoft Office Access MUI (English) 2007 
Microsoft Office Access Setup Metadata MUI (English) 2007 
Microsoft Office Enterprise 2007 
Microsoft Office Excel MUI (English) 2007 
Microsoft Office File Validation Add-In 
Microsoft Office Groove MUI (English) 2007 
Microsoft Office Groove Setup Metadata MUI (English) 2007 
Microsoft Office InfoPath MUI (English) 2007 
Microsoft Office Office 64-bit Components 2007 
Microsoft Office OneNote MUI (English) 2007 
Microsoft Office Outlook Connector 
Microsoft Office Outlook MUI (English) 2007 
Microsoft Office PowerPoint MUI (English) 2007 
Microsoft Office Proof (English) 2007 
Microsoft Office Proof (French) 2007 
Microsoft Office Proof (Spanish) 2007 
Microsoft Office Proofing (English) 2007 
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
Microsoft Office Publisher MUI (English) 2007 
Microsoft Office Shared 64-bit MUI (English) 2007 
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 
Microsoft Office Shared MUI (English) 2007 
Microsoft Office Shared Setup Metadata MUI (English) 2007 
Microsoft Office Word MUI (English) 2007 
Microsoft Silverlight 
Microsoft SQL Server 2005 Compact Edition [ENU] 
Microsoft Visual C++ 2005 Redistributable 
Microsoft Visual C++ 2005 Redistributable (x64) 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 
Microsoft Web Publishing Wizard 1.52 
Microsoft WSE 3.0 Runtime 
Movie Theme Pack for HP MediaSmart Video 
Mozilla Firefox 30.0 (x86 en-US) 
Mozilla Maintenance Service 
MSVCRT 
MSVCRT_amd64 
MSXML 4.0 SP2 (KB954430) 
MSXML 4.0 SP2 (KB973688) 
MyDVD-VR Recorder 
netbrdg 
Network64 
Norton Internet Security 
NVIDIA Display Control Panel 
NVIDIA Drivers 
NVIDIA ForceWare Network Access Manager 
OCR Software by I.R.I.S. 13.0 
OfotoXMI 
PaperPort 8.0 SE 
PhotoNow 
PictureMover 
PlayReady PC Runtime amd64 
Pogoplug PC 
Power2Go 
PowerDirector 
PS_AIO_07_D110_SW_Min 
PS_AIO_Software_min 
QuickTime 7 
QuickTransfer 
Realtek High Definition Audio Driver 
Recovery Manager 
Roxio CinemaNow 2.0 
Roxio Easy Media Creator 9 Suite 
Scribus 1.4.3 
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) 
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216) 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition  
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition  
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition  
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition  
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition 
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition  
Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition  
SFR 
SHASTA 
skin0001 
SKINXSDK 
Smart Defrag 3 
SmartWebPrinting 
SolutionCenter 
Sonic MyDVD-VR 
Sound Organizer 
staticcr 
Status 
Surfing Protection 
Toolbox 
TrayApp 
UnloadSupport 
Update for 2007 Microsoft Office System (KB967642) 
Update for Microsoft Office 2007 Help for Common Features (KB963673) 
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition 
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition 
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition 
Update for Microsoft Office Access 2007 Help (KB963663) 
Update for Microsoft Office Excel 2007 Help (KB963678) 
Update for Microsoft Office Infopath 2007 Help (KB963662) 
Update for Microsoft Office OneNote 2007 Help (KB963670) 
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition 
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition 
Update for Microsoft Office Outlook 2007 Help (KB963677) 
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition 
Update for Microsoft Office Powerpoint 2007 Help (KB963669) 
Update for Microsoft Office Publisher 2007 Help (KB963667) 
Update for Microsoft Office Script Editor Help (KB963671) 
Update for Microsoft Office Word 2007 Help (KB963665) 
VD64Inst 
VPRINTOL 
WebReg 
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) 
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) 
Windows Live Communications Platform 
Windows Live Essentials 
Windows Live Family Safety 
Windows Live ID Sign-in Assistant 
Windows Live Installer 
Windows Live Language Selector 
Windows Live Mail 
Windows Live Mesh 
Windows Live Mesh ActiveX Control for Remote Connections 
Windows Live Messenger 
Windows Live Messenger Companion Core 
Windows Live MIME IFilter 
Windows Live Movie Maker 
Windows Live Photo Common 
Windows Live Photo Gallery 
Windows Live PIMT Platform 
Windows Live Remote Client 
Windows Live Remote Client Resources 
Windows Live Remote Service 
Windows Live Remote Service Resources 
Windows Live SOXE 
Windows Live SOXE Definitions 
Windows Live Sync 
Windows Live UX Platform 
Windows Live UX Platform Language Pack 
Windows Live Writer 
Windows Live Writer Resources 
WIRELESS 
X264 
Xingtone Ringtone Maker 
XVID 
YTD Video Downloader 4.8.5 

==== Running Processes ======================

C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Users\Philip\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Philip\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [ACDaemon] - ArcSoft Connect Daemon - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [HBAdmin] - HBAdmin - C:\Program Files (x86)\PogoplugPC\HBADMIN.EXE
R2 - [IMFservice] - IMF Service - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
R2 - [LightScribeService] - LightScribeService Direct Disc Labeling Service - "C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
R2 - [MBAMScheduler] - MBAMScheduler - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
R2 - [MBAMService] - MBAMService - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
R2 - [NIS] - Norton Internet Security - "C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\diMaster.dll" /prefetch:1
R2 - [nvsvc] - NVIDIA Display Driver Service - C:\Windows\system32\nvvsvc.exe
R2 - [RtkAudioService] - Realtek Audio Service - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [Garmin Core Update Service] - Garmin Core Update Service - "C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe"
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [LiveUpdateSvc] - LiveUpdate - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
S2 - [Roxio Upnp Server 9] - Roxio Upnp Server 9 - "C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe"
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [fsssvc] - Windows Live Family Safety Service - "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe"
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [IDriverT] - InstallDriver Table Manager - "C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /V
S3 - [Microsoft Office Groove Audit Service] - Microsoft Office Groove Audit Service - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe"
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [odserv] - Microsoft Office Diagnostics Service - "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
S3 - [ose] - Office Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [stllssvr] - stllssvr - "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe"
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S4 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
S4 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S4 - [wlcrasvc] - Windows Live Mesh remote connections service - "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe"

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 1792 MB
CPU Info: AMD Sempron™ 145 Processor
CPU Speed: 2838.9 MHz
Sound Card: Speakers (5- Rapoo Wireless Aud |
Speakers (Realtek High Definiti |
Display Adapters: NVIDIA GeForce 6150SE nForce 430            | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1360 X 768 - 32 bit
Network: Network Present
Network Adapters: XCETAP0 Adapter | NVIDIA nForce 10/100 Mbps Ethernet
CD / DVD Drives: 1x (E: | ) E: hp      CDDVDW TS-H653R
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C:  285.4GB | D:  12.5GB
Hard Disks - Free: C:  148.5GB | D:  1.5GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 08/16/32 | HPQOEM - 20100908
Time Zone: Eastern Standard Time
Motherboard *: PEGATRON CORPORATION 2A99
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Norton Internet Security On-access scanning disabled (Outdated)
Anti-Spyware: Norton Internet Security disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: IObit Malware Fighter disabled (Outdated)
Firewall: Norton Internet Security disabled
Internet Explorer Version: 11.0.9600.17280
Mozilla Firefox version: 30.0 (x86 en-US)
Google Chrome version: 37.0.2062.124
Adobe Reader version: 11.0.9.29
Sun Java version: 1.7.0_67 (32-bit)
Flash Player version: 15.0.0.152

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Philip\AppData\Local\Temp ====
2014-10-09 11:59:16 4E566FEA83FCEEAF2873702806B55006 43008 ----a-w- C:\Users\Philip\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpklpkcl.dll
2014-10-08 19:32:23 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite74329.dll
2014-10-08 15:36:28 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite18033.dll
2014-10-07 19:43:16 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite64230.dll
2014-10-07 13:35:19 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite88055.dll
2014-10-07 01:35:20 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite65492.dll
2014-10-06 23:57:07 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite41027.dll
2014-10-06 23:22:48 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite66105.dll
2014-10-06 13:32:22 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite10694.dll
2014-10-06 12:47:43 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite53544.dll
2014-10-06 02:03:09 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite36345.dll
2014-10-06 01:27:55 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite15755.dll
2014-10-03 18:20:57 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\libiconv2.dll
2014-10-03 18:20:57 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\libintl3.dll
2014-10-03 18:20:57 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\pcre3.dll
2014-10-03 18:20:57 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\regex2.dll
2014-10-03 18:20:57 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-10-03 14:16:51 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite50578.dll
2014-10-03 02:00:59 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite50556.dll
2014-10-03 00:54:57 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite27273.dll
2014-10-02 18:43:21 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite53403.dll
2014-10-02 12:43:16 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite62800.dll
2014-10-02 12:10:06 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite82548.dll
2014-10-02 12:03:03 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite53464.dll
2014-10-02 02:16:48 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite82656.dll
2014-10-02 01:16:40 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite26437.dll
2014-10-01 19:13:59 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite62946.dll
2014-10-01 18:42:39 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-10-06 12:33:00 204882085A7D984D455AA4DE7B7074C6 5694464 ----a-w- C:\Windows\SysWOW64\mstscax.dll
2014-10-03 18:00:55 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\SysWOW64\sqlite3.dll
2014-10-03 01:31:07 AB5EFB103DB01C1912C9D2F545EA5621 17920 ----a-w- C:\Windows\SysWOW64\wksprtPS.dll
2014-10-03 01:31:07 8DEEE20D8D30E9B0FBDCA31E58A027BD 53248 ----a-w- C:\Windows\SysWOW64\tsgqec.dll
2014-10-03 01:31:06 4676AAA9DDF52A50C829FEDB4EA81E54 1068544 ----a-w- C:\Windows\SysWOW64\mstsc.exe
2014-10-03 01:31:06 2EFB1279E7BEA7D12D9F4D6508D27880 50176 ----a-w- C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-10-03 01:31:03 5E676B296B762E211D83B87635F2C330 855552 ----a-w- C:\Windows\SysWOW64\rdvidcrl.dll
2014-10-01 12:39:40 BBA80D3CAB22620A6AC9BB603386EE33 519680 ----a-w- C:\Windows\SysWOW64\qdvd.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-10-06 12:33:00 879A3F94118D686E63041A386FE91EBE 6574592 ----a-w- C:\Windows\Sysnative\mstscax.dll
2014-10-03 01:31:37 DDED7C5558B3AE09F568945281A9A6D1 44544 ----a-w- C:\Windows\Sysnative\TsUsbGDCoInstaller.dll
2014-10-03 01:31:13 FEC6178962DFF33074D39CA907971405 12800 ----a-w- C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyExtension.dll
2014-10-03 01:31:13 108C257D765AAD2E6EC46557DA0B02BD 13824 ----a-w- C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyControl.exe
2014-10-03 01:31:07 7BD2E6E2458A5B95F8341244C7FC7DD4 18944 ----a-w- C:\Windows\Sysnative\wksprtPS.dll
2014-10-03 01:31:07 5289A00E2D21BB3A7D6761646543ED5C 62976 ----a-w- C:\Windows\Sysnative\tsgqec.dll
2014-10-03 01:31:06 8E75B1112C374EBDF18FD640DA2F0655 1147392 ----a-w- C:\Windows\Sysnative\mstsc.exe
2014-10-03 01:31:06 79EE5ECB4BE89343E4CF1E48F7769F59 420864 ----a-w- C:\Windows\Sysnative\wksprt.exe
2014-10-03 01:31:06 149A388C17F04AD1F99B477A43BE1A9F 56832 ----a-w- C:\Windows\Sysnative\MsRdpWebAccess.dll
2014-10-03 01:31:06 0D2C2FAC4F29B5868D39B7267058CFEF 83968 ----a-w- C:\Windows\Sysnative\TSWbPrxy.exe
2014-10-03 01:31:03 A4420969E5AB94856E5C0C02E6099D3F 1057280 ----a-w- C:\Windows\Sysnative\rdvidcrl.dll
2014-10-01 12:39:40 8D46C7BCDF7FBAAC8666D6640ADA930E 371712 ----a-w- C:\Windows\Sysnative\qdvd.dll
2014-09-26 16:34:37 7808C3324C3F94625A15EC01E73B5587 6214 ----a-w- C:\Windows\Sysnative\startup.txt
====== C:\Windows\Sysnative\drivers =====
2014-10-03 01:31:13 E9981ECE8D894CEF7038FD1D040EB426 56832 ----a-w- C:\Windows\Sysnative\drivers\TsUsbFlt.sys
2014-09-27 22:04:10 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-09-27 22:02:51 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-09-27 22:02:51 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-09-27 22:02:51 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
====== C:\Windows\Tasks ======
2014-10-02 03:14:02 0D0250E4026944D1A67A4DFD54C0E6AD 2856 ----a-w- C:\Windows\Sysnative\Tasks\Driver Booster SkipUAC (Philip)
2014-09-27 15:39:42 D7C0E4D849E73E05D65946C01E43DBC6 898 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-27 15:39:42 03663888A10E67F464A7808BBC66AE3F 3894 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA
2014-09-27 15:39:41 DF6248CC3778928C342704429DF3D75D 3642 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore
2014-09-27 15:39:40 DCB769D4EA5AD3F800E20B77532E7E63 894 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-18 19:49:22 DDD0E7DAB5A20204FB98CA302CBD1801 3170 ----a-w- C:\Windows\Sysnative\Tasks\SmartDefrag3_Startup
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-09-24 15:57:25 -------- d-----w- C:\Program Files\Wondershare
======= C:\PROGRA~2 =====
2014-10-06 00:57:46 -------- d-----w- C:\PROGRA~2\Audacity
2014-09-24 18:05:55 -------- d-----w- C:\PROGRA~2\Free PDF Solutions
2014-09-24 15:58:57 -------- d-----w- C:\PROGRA~2\COMMON~1\Wondershare
======= C: =====
2014-10-02 11:57:49 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\asc_rdflag
====== C:\Users\Philip\AppData\Roaming ======
2014-10-06 00:58:22 -------- d-----w- C:\Users\Philip\AppData\Roaming\Audacity
2014-10-02 01:35:12 -------- d-----w- C:\Users\Philip\AppData\Roaming\MyTurboPC.com
2014-09-28 13:20:21 -------- d-----w- C:\Users\Default\AppData\Roaming\IObit
2014-09-28 13:20:21 -------- d-----w- C:\Users\Default User\AppData\Roaming\IObit
2014-09-24 15:59:00 -------- d-----w- C:\Users\Philip\AppData\Local\Wondershare
2014-09-24 15:57:33 -------- d-----w- C:\Users\Philip\AppData\Roaming\Wondershare
2014-09-24 12:24:43 -------- d-----w- C:\Users\Philip\AppData\Local\Microsoft Corporation
====== C:\Users\Philip ======
2014-10-09 12:03:07 7BC1685F75F0A1FC33E060B19F761AA5 1705755 ----a-w- C:\Users\Philip\Desktop\JRT_NEW.exe
2014-10-06 01:22:11 A8B8CC8342DC3AFFEAEABF0E9229D62F 11449712 ----a-w- C:\Users\Philip\Downloads\YTDSetup.exe
2014-10-06 00:51:41 79943BE44F8288EDC375E3599331F8FF 22892794 ----a-w- C:\Users\Philip\Downloads\audacity-win-2.0.6.exe
2014-10-03 19:06:31 D40E7B5FBB8E0EAA7C5C294389AF95AB 4181856 ----a-w- C:\Users\Philip\Downloads\tdsskiller.exe
2014-10-03 18:55:27 FCCD0F6A733248E8F624B9FE813F0324 1944824 ----a-w- C:\Users\Philip\Downloads\rkill.exe
2014-10-03 18:19:59 D7B7185D27C5945BD0D212F6240F0E95 1702068 ----a-w- C:\Users\Philip\Downloads\JRT.exe
2014-10-03 17:57:19 12EFD5FA51597F188E5DB50BE20EE597 1375089 ----a-w- C:\Users\Philip\Downloads\AdwCleaner.exe
2014-10-02 04:31:59 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Philip\Downloads\OTL.exe
2014-10-02 01:34:38 -------- d-----w- C:\ProgramData\MyTurboPC.com
2014-10-02 01:31:36 09B1108E37CD9B478BFC89B6C2B369EC 6312160 ----a-w- C:\Users\Philip\Downloads\myturbopc.exe
2014-09-27 15:42:18 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-24 18:05:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PDF Solutions
2014-09-24 15:54:52 -------- d-----w- C:\Users\Public\Documents\Wondershare

====== C: exe-files ==
2014-10-06 00:57:47 0F811A4F6DBE9E47AA82C90582F4C258 8119808 ----a-w- C:\Program Files (x86)\Audacity\audacity.exe
2014-10-06 00:57:47 0B8759BC2E43E1D504F67BB7F1BA70D5 1484489 ----a-w- C:\Program Files (x86)\Audacity\unins000.exe
=== C: other files ==
2014-10-03 18:20:56 F56A319979F631C141F5FF02DF87FDB1 43563 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\prelim.bat
2014-10-03 18:20:56 E01FF880FC345F56C61E80C91FA03687 9384 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\runvalues.bat
2014-10-03 18:20:56 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\TDL4.bat
2014-10-03 18:20:56 BAA93E9D365730B1DACB94CE2B5DDF05 188476 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\misc.bat
2014-10-03 18:20:56 AA0C656F898523BEDF2DA6923197BB80 1264 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\surfvox.bat
2014-10-03 18:20:56 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\searchlnk.bat
2014-10-03 18:20:56 4D80C7010E2CE44AB25FA25B013649E4 8085 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\mws.bat
2014-10-03 18:20:55 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\medfos.bat
2014-10-03 18:20:55 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\firefox.bat
2014-10-03 18:20:55 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\ev_clear.bat
2014-10-03 18:20:55 654E9FE74B930A454EE5BDE165794B65 85 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\delorphans.bat
2014-10-03 18:20:55 3A40BCC137EC34F9C8584B1E8D3F96AC 14957 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\get.bat
2014-10-03 18:20:55 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\ask.bat
2014-10-03 18:20:55 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\iexplore.bat
2014-10-03 18:20:55 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\delfolders.bat
2014-10-03 18:20:55 033C39EE1AA271C9DC11FC486ED20C64 14144 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\chrome.bat

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 7"="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /Auto"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 7"="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /Auto"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft..../?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft..../?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IObit Malware Fighter"="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe /autostart"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcSoft Connection Service]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ArcSoft Connection Service"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACDaemon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DMXLauncher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DMXLauncher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Roxio\\Media Experience\\DMXLauncher.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarminExpressTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GarminExpressTrayApp"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Garmin\\Express Tray\\ExpressTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\GrooveMonitor.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPAdvisorDock]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPAdvisorDock"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\DOCK\\HPAdvisorDock.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpqSRMon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpqSRMon"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\HP\\Digital Imaging\\bin\\hpqSRMon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpsysdrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpsysdrv"
"hkey"="HKLM"
"command"="c:\\program files (x86)\\hewlett-packard\\HP odometer\\hpsysdrv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IndexSearch]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IndexSearch"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Scansoft\\PaperPort\\IndexSearch.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSPM"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -scheduler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSPM Startup"
"hkey"="HKLM"
"command"="c:\\PROGRA~2\\COMMON~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSScheduler"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightScribe Control Panel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LightScribe Control Panel"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PogoplugPC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PogoplugPC"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\PogoplugPC\\ppserver.exe\" --starthidden"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoxWatchTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RoxWatchTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxWatchTray9.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDVCPL"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe\" -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartMenu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SmartMenu"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\HP MediaSmart\\SmartMenu.exe /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Reminder.lnk]
"item"="Event Reminder"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Event Reminder.lnk"
"backup"="C:\\Windows\\pss\\Event Reminder.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\Program Files (x86)\\The Print Shop 23\\Remind.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"item"="HP Digital Imaging Monitor"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\Hp\\DIGITA~1\\bin\\hpqtra08.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"item"="Kodak EasyShare software"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Kodak EasyShare software.lnk"
"backup"="C:\\Windows\\pss\\Kodak EasyShare software.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk]
"item"="Snapfish PictureMover"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Snapfish PictureMover.lnk"
"backup"="C:\\Windows\\pss\\Snapfish PictureMover.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\PICTUR~1\\Bin\\PICTUR~1.EXE"

==== Startup Folders ======================

2014-08-18 00:05:46 1055 ----a-w- C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/24/2014 01:55 PM]
C:\Windows\tasks\EasyShare Registration Task.job --a------ C:\Windows\system32\rundll32ZC:\PROGRA3\Kodak\EasyShareSetup\REGIS1\Registration_8.3.20.1.sxt [email protected] []
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ :C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/27/2014 11:39 AM]
C:\Windows\tasks\HP Photo Creations Communicator.job --a------ C:\ProgramData\HP Photo Creations\Communicator.exe [03/31/2013 09:32 PM]
C:\Windows\tasks\HPCeeScheduleForPhilip.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [09/13/2010 10:15 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\ASC7_SkipUac_Philip" ["C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe" /SkipUac]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\Driver Booster SkipUAC (Philip)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\Windows\SysNative\tasks\Driver Booster SkipUAC (SYSTEM)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\Windows\SysNative\tasks\EasyShare Registration Task" [C:\Windows\system32\rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt [email protected]]
"C:\Windows\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HP Photo Creations Communicator" [C:\ProgramData\HP Photo Creations\Communicator.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForPhilip" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe"]
"C:\Windows\SysNative\tasks\RecoveryCDWin7" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\Registration" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\ServicePlan" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\SmartDefrag3_Startup" [C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe]
"C:\Windows\SysNative\tasks\SmartDefrag3_Update" [C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\Test TimeTrigger" [C:\Users\Philip\AppData\Local\Temp\Runner.exe]
"C:\Windows\SysNative\tasks\Uninstaller_SkipUac_Administrator" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask" [C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [03/30/2013 02:55 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [03/30/2013 02:55 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default
- Undetermined - C:\Program Files (x86)\IObit Apps Toolbar\FF
- Ads Removal - %ProfilePath%\extensions\[email protected]
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\[email protected]

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\Philip\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104
472DAEA6EEE84240DEA132C95C57EB68 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
iikflkcanblccfahdhdonehdalibjnif - No path found[]

Internet Speed Tracker - Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\acdnhokdlhndmflmklllleemdenbikla
Google Voice Search Hotword (Beta) - Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Google Wallet - Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Checker Plus for Gmail™ - Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj
Docs - Philip\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Philip\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Philip\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Philip\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Gmail - Philip\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Preferences
"startup_urls": [ "http://www.google.com/" ]

C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
false,"was_installed_by_default":false},"mfehgcgbbipciphmccgaenjidiccnmng":{"active_permissions":{"api":["cloudPrintPrivate"]},"creation_flags":1,"from_bookmark":false,"from_webstore":false,"install_time":"13007711863895600","location":5,"manifest":{"app":{"launch":{"web_url":"https://www.google.c...ription":"Cloud Print","display_in_launcher":false,"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqOhnwk4+HXVfGyaNsAQdU/js1Na56diW08oF1MhZiwzSnJsEaeuMN9od9q9N4ZdK3o1xXOSARrYdE+syV7Dl31nf6qz3A6K+D5NHe6sSB9yvYlIiN37jdWdrfxxE0pRYEVYZNTe3bzq3NkcYJlOdt1UPcpJB+isXpAGUKUvt7EQIDAQAB","name":"Cloud Print","permissions":["cloudPrintPrivate"],"version":"0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\25.0.1364.172\\resources\\cloud_print","was_installed_by_default":false},"pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true,"active_permissions":{"api":["notifications"]},"app_launcher_ordinal":"yn","creation_flags":137,"exclude_from_sideload_wipeout":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications"]},"install_time":"13007711866493600","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"https://mail.google....cription":"Fast, searchable email with less spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","name":"Gmail","options_page":"https://mail.google....y":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\25.0.1364.172","migrated_to_pepper_flash":true,"plugins_list":[{"enabled":true,"name":"Shockwave Flash","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\25.0.1364.172\\PepperFlash\\pepflashplayer.dll","version":"11.6.602.180"},{"enabled":true,"name":"Chrome Remote Desktop Viewer","path":"internal-remoting-viewer","version":""},{"enabled":true,"name":"Native Client","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\25.0.1364.172\\ppGoogleNaClPluginChrome.dll","version":""},{"enabled":true,"name":"Chrome PDF Viewer","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\25.0.1364.172\\pdf.dll","version":""},{"enabled":true,"name":"Google Update","path":"C:\\Program Files (x86)\\Google\\Update\\1.3.21.135\\npGoogleUpdate3.dll","version":"1.3.21.135"},{"enabled":true,"name":"Bing Bar","path":"C:\\Program Files (x86)\\MSN Toolbar\\Platform\\5.0.1438.0\\npwinext.dll","version":"5.0.1438.0"},{"enabled":true,"name":"Windows Live\u00AE Photo Gallery","path":"C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll","version":"14.0.8081.0709_ship.wlx.w3m3 (ship)"},{"enabled":true,"name":"Silverlight Plug-In","path":"c:\\Program Files (x86)\\Microsoft Silverlight\\4.0.50401.0\\npctrl.dll","version":"4.0.50401.0"},{"enabled":true,"name":"Adobe Flash Player"},{"enabled":true,"name":"Bing Bar"},{"enabled":true,"name":"Chrome PDF Viewer"},{"enabled":true,"name":"Chrome Remote Desktop Viewer"},{"enabled":true,"name":"Google Update"},{"enabled":true,"name":"Native Client"},{"enabled":true,"name":"Silverlight"},{"enabled":true,"name":"Windows Live\u00AE Photo Gallery"}],"removed_old_component_pepper_flash_settings":true},"profile":{"avatar_index":12,"content_settings":{"clear_on_exit_migrated":true,"pref_version":1},"created_by_version":"25.0.1364.172","exit_type":"Normal","exited_cleanly":true,"name":"Sneaky"},"promo":{"ntp_notification_promo":[{"closed":false,"end":1363751940.0,"gplus_required":false,"group":0,"increment":1,"increment_frequency":0,"increment_max":1,"max_views":15,"num_groups":1,"segment":1,"start":1362546000.0,"text":"New! The latest versions of Chrome's mobile apps are now available on \u003Ca href=\"https://play.google....o\"\u003EGoogle Play\u003C/a\u003E and the \u003Ca href=\"https://itunes.apple...mt=8\"\u003EApp Store\u003C/a\u003E.","views":0}]},"session":{"restore_on_startup": 4, "startup_urls": [ "http://www.only-sear...4_onst&tsp=5362" ]},"sync_promo":{"startup_count":1,"view_count":1},"homepage":"http://www.only-sear...search_provider": {"synced_guid": "{8AA8A2C1-6D4D-45CA-8E8A-C1FE0ABE2236}"},"default_search_provider_data": {"template_url_data": {"alternate_urls": [  ],"created_by_policy": false,"date_created": "0","favicon_url": "http://www.only-sear...avicon.ico","id": "1000","image_url": "","image_url_post_params": "","input_encodings": [ "UTF-8" ],"instant_url": "","instant_url_post_params": "","keyword": "only-search.com","last_modified": "0","new_tab_url": "","originating_url": "","prepopulate_id": 1,"safe_for_autoreplace": true,"search_terms_replacement_key": "","search_url_post_params": "","short_name": "Only Search","suggestions_url": "","suggestions_url_post_params": "","synced_guid": "{8AA8A2C1-6D4D-45CA-8E8A-C1FE0ABE2236}","url": "http://www.only-sear...2","usage_count": 0}}}

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.only-sear...1FF7EB&tsp=5362"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://securityrespo...r/fix_homepage/"
"Start Page"="http://www.symantec....&pvid=21.5.0.19"
"Search Page"="http://securityrespo...r/fix_homepage/"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://securityrespo...r/fix_homepage/"
"Start Page"="http://www.symantec....&pvid=21.5.0.19"
"Search Page"="http://securityrespo...r/fix_homepage/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{E036A19D-ADDA-4EDB-A48C-6EB3B5C33BCC}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...Box&FORM=IE8SRC"
{3CC8EA46-C645-4134-A48D-0C77F46A73B3} Unknown  Url="Not_Found"
{AC4E08EF-2183-450E-B346-D4163BA55119} Unknown  Url="Not_Found"
{D1564CAF-8680-4433-9C61-28CBD2EB9C6C} Yahoo  Url="http://search.yahoo....&p={searchTerms}"
{E036A19D-ADDA-4EDB-A48C-6EB3B5C33BCC} Vgrabber v1 Customized Web Search Url="http://search.condui...4682429425&UM=2"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Thu 10/09/2014 at  9:15:19.54 ======================

 

Awaiting your response

Phil


  • 0

#6
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ok, good start! :thumbsup:

 

 

OK, yesterday gone all day

 

Not a problem as we're all volunteers here and no one does this full time. We try to get at least one response per 24 hours if we can.

 

 

- I had done a couple of things while waiting for your first response. So I will be posting a little extra this time, just to ensure you see all that is going on.

 

Excellent, however notice a few things that came to my attention. :)

 

 

OTL log (10092014_071320.log) (Oct 9th)

 

Yes, this is the fix log and looks as expected.

 

 

ADW log from Oct 4th (I think)

 

No, not quite... ;) How about March 10th

(1st ADW run Oct 4th))

# AdwCleaner v3.311 - Report created 03/10/2014 at 14:04:38
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Philip - PHILIP-HP
# Running from : C:\Users\Philip\Downloads\AdwCleaner.exe

 

 

ADW log from Oct 9th (after the OTL script run)

 

Close ;)

(Second ADW Oct 9th)

# AdwCleaner v3.311 - Report created 09/10/2014 at 07:49:02
# Updated 30/09/2014 by Xplode

 

 

 

JRT log from Oct 4th (I think)

 

Oct 3

 

 

JRT log from Oct 9th (after the OTL script run)

 

Yup!

 

 

ZOEK-result

 

Oct 9th

 

I hope you take my teasing in the good natured way that I intended :)   You are doing quite well with all of this and it helps me to know that you are a well informed and serious user :thumbsup:

 

That said, all these logs are as expected and consistant with where we are in the fix process. Let's talk about this other stuff and then we'll get on with the cleaning.

 

 

I have wondered about all those programs running at the same time but didn't have crashes or blue screens so I figured live with the slow. Then that got beyond my patience so I found you guys. Now I agree, I will leave Norton on, get rid of MBAM and IOBIT. But will take your advice and run MBAM once a month for safety sake. Will be installing Defender and Avast. If Norton should also be removed then I will as the money is not the problem - it is all the time wasted waiting for a slow machine.

 

It's difficult and frustrating trying to work through all of these particulars. Especially with A/V's and all that. Everyone you talk to will have a different opinion on each. What I try and do it give you the benefit of what I see with visitors here on G2G and what other Helpers do and suggest. The other variable in this mix is that every handful of months a new product comes out or an existing product changes in some way so that that our opinion and guidance changes. So remember, this is "point in time" assessment and advice. So please stop back often and talk with me/us. :)

 

I'm in agreement with your decision on MBAM, IOBIT and Norton. Remember that for a/v's it's one to a machine. Not more than one. So, pick Defender or Avast, but not both. And, I'm a fan of both, so you can't go wrong either way. Defender is free. Avast has a free a/v, but paid subscription for the other components. I use Defender on my W7, W8 and Vista Machines, Avast on my XP and two of my other W7 machines. Love them both!

 

Ok, back to your machine. Did we fix the Proxy issue? Did you test all browsers and are they all working? Last, give me one more OTL scan like you did in your original post. Then just post the OTL.txt.


  • 0

#7
pnavce

pnavce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Defender part of Win7 is running, also Avast is running, and Norton Internet Security is running. 

No your kidding is not offensive at all :))

The 3/10/14 ADW still is confusing as I have never run that program before and was the only ADW log file on my desktop. Oh well, not a big deal.

All appears to be working except when opening Chrome it opens with a second one as a tab. (Both are attempting to reach the same place, I just "X" out of the second one each time.)

The 'proxy' problem seems to disappeared. 

 

I have a few of these problems on my Laptop also: thought I would remove MBAM, IOBIT, run OTL and then open a new ticket on that one or should I stick to this discussion here? Either way it will be a few days before I can get to that PC.

 

Here is the latest OTL

 

OTL logfile created on: 10/9/2014 12:52:34 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Philip\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.75 Gb Total Physical Memory | 0.37 Gb Available Physical Memory | 21.43% Memory free
3.50 Gb Paging File | 1.55 Gb Available in Paging File | 44.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.45 Gb Total Space | 151.00 Gb Free Space | 52.90% Space Free | Partition Type: NTFS
Drive D: | 12.54 Gb Total Space | 1.54 Gb Free Space | 12.25% Space Free | Partition Type: NTFS
 
Computer Name: PHILIP-HP | User Name: Philip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/09 12:51:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philip\Downloads\OTL.exe
PRC - [2014/10/09 10:19:26 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/10/09 10:18:00 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/09/27 11:39:23 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2014/09/23 00:07:06 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/09/21 06:32:26 | 000,276,376 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
PRC - [2014/09/12 20:52:04 | 036,414,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\Philip\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/09 12:15:35 | 000,043,008 | ---- | M] () -- c:\Users\Philip\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphfg03x.dll
MOD - [2014/10/09 10:18:03 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/10/09 10:18:01 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014/09/23 00:07:05 | 000,331,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppgooglenaclpluginchrome.dll
MOD - [2014/09/23 00:07:02 | 008,577,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
MOD - [2014/09/23 00:06:58 | 001,098,056 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
MOD - [2014/09/23 00:06:56 | 000,174,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
MOD - [2014/09/23 00:06:55 | 001,660,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
MOD - [2014/09/12 20:20:58 | 003,610,624 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/08/23 15:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Dropbox\bin\libcef.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/10/09 10:18:00 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/08/18 18:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/09 23:27:11 | 000,289,496 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/04 21:25:36 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2010/03/04 21:25:34 | 000,496,232 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2014/09/24 13:55:34 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/21 06:32:26 | 000,276,376 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe -- (NIS)
SRV - [2014/09/12 05:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/19 16:09:48 | 002,282,272 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014/07/23 08:44:16 | 000,438,616 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Stopped] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2014/06/06 00:38:37 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/11 18:08:26 | 000,903,456 | ---- | M] (Cloud Engines, Inc.) [Auto | Running] -- C:\Program Files (x86)\PogoplugPC\hbadmin.exe -- (HBAdmin)
SRV - [2012/11/08 11:39:36 | 000,174,176 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe -- (PACSPTISVR-Sound_Organizer)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/10/09 12:22:56 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/10/09 10:18:10 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/10/09 10:18:10 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/10/09 10:18:09 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/10/09 10:18:07 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/10/09 10:18:06 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/10/09 10:18:06 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/10/09 10:18:04 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/08/25 22:20:22 | 000,876,248 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/08/25 22:20:22 | 000,037,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2014/08/06 15:48:16 | 000,266,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\ironx64.sys -- (SymIRON)
DRV:64bit: - [2014/06/04 15:17:14 | 000,021,184 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2014/03/04 00:18:12 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/02/17 21:32:41 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/02/10 10:34:38 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2014/01/12 21:34:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/01/05 20:06:09 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/25 22:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/09/09 22:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1506000.020\symds64.sys -- (SymDS)
DRV:64bit: - [2013/04/12 17:00:38 | 000,039,712 | ---- | M] (Cloud Engines, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xcetap0.sys -- (xcetap0)
DRV:64bit: - [2013/03/14 13:18:55 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2013/01/20 02:16:48 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/03/04 07:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/18 11:11:52 | 000,013,312 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ICDUSB3.sys -- (ICDUSB3)
DRV:64bit: - [2006/11/27 12:21:28 | 000,058,880 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\RxFilter.sys -- (RxFilter)
DRV - [2014/10/06 05:09:08 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141008.016\ex64.sys -- (NAVEX15)
DRV - [2014/10/06 05:09:08 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/10/06 05:09:08 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141008.016\eng64.sys -- (NAVENG)
DRV - [2014/09/23 14:00:10 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/09/12 18:11:19 | 001,586,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140912.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/08/29 16:29:11 | 000,633,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20141007.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/11/27 12:21:28 | 000,058,880 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{3CC8EA46-C645-4134-A48D-0C77F46A73B3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{AC4E08EF-2183-450E-B346-D4163BA55119}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D1564CAF-8680-4433-9C61-28CBD2EB9C6C}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{E9004766-02D9-486D-9039-AC1A3A664D31}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKLM\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3CC8EA46-C645-4134-A48D-0C77F46A73B3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKLM\..\SearchScopes\{D1564CAF-8680-4433-9C61-28CBD2EB9C6C}: "URL" = http://search.yahoo....psg&type=HPDTDF
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKCU\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKCU\..\SearchScopes\{D1564CAF-8680-4433-9C61-28CBD2EB9C6C}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{E036A19D-ADDA-4EDB-A48C-6EB3B5C33BCC}: "URL" = http://search.condui...4682429425&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49232;https=127.0.0.1:49232
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.only-sear...FF7EB&tsp=5362"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\GvNPRT: C:\Program Files (x86)\GvNPRT\nprt_gvx.dll ( )
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Philip\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2014/10/09 12:14:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/03/30 14:55:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/10/09 12:22:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/24 14:36:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/03/30 14:55:03 | 000,000,000 | ---D | M]
 
[2013/05/21 11:15:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philip\AppData\Roaming\Mozilla\Extensions
[2014/10/06 19:27:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default\extensions
[2014/09/06 08:26:55 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default\extensions\[email protected]
[2014/09/29 18:04:55 | 000,008,061 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default\searchplugins\yahoo_ff.xml
[2014/10/01 23:06:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/10/01 23:06:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
[2013/05/31 16:31:32 | 000,338,432 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\nprt_gvx.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\acdnhokdlhndmflmklllleemdenbikla\10.83.4.65332_0\
CHR - Extension: No name found = C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2021.112_0\
CHR - Extension: No name found = C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: No name found = C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\17.2.8_0\
 
O1 HOSTS File: ([2014/10/09 07:13:27 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll File not found
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - Startup: C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Philip\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O1364bit: - gopher Prefix: missing
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://webcam.villag...hecker_8570.cab (OCXDownloadChecker Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.26 205.171.2.26
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34C50CC4-74F8-48A4-9B40-58E9A7F1C13E}: DhcpNameServer = 192.168.0.1 205.171.3.26 205.171.2.26
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/09 11:56:49 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Roaming\AVAST Software
[2014/10/09 11:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/10/09 10:18:33 | 000,092,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/10/09 10:18:32 | 001,041,168 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/10/09 10:18:30 | 000,427,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/10/09 10:18:30 | 000,426,848 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys.1412871776220
[2014/10/09 10:18:27 | 000,079,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/10/09 10:18:21 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/10/09 10:18:18 | 000,307,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/10/09 10:18:03 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/10/09 10:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/10/09 10:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/10/09 10:12:18 | 004,862,664 | ---- | C] (AVAST Software) -- C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
[2014/10/09 09:00:35 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/10/09 07:13:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/10/05 20:58:22 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Roaming\Audacity
[2014/10/05 20:57:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2014/10/03 14:21:55 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/10/03 14:00:55 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/10/03 13:59:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/10/01 21:41:04 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2014/10/01 21:35:12 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Roaming\MyTurboPC.com
[2014/10/01 21:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\MyTurboPC.com
[2014/09/27 18:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/09/27 11:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/09/24 14:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PDF Solutions
[2014/09/24 14:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free PDF Solutions
[2014/09/24 11:59:00 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Local\Wondershare
[2014/09/24 11:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
[2014/09/24 11:57:33 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Roaming\Wondershare
[2014/09/24 11:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2014/09/24 11:54:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Wondershare
[2014/09/24 08:24:43 | 000,000,000 | ---D | C] -- C:\Users\Philip\AppData\Local\Microsoft Corporation
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/09 12:55:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/09 12:44:06 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/09 12:23:16 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/10/09 12:22:56 | 000,427,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/10/09 12:22:36 | 000,426,848 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys.1412871776220
[2014/10/09 12:22:06 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/09 12:22:06 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/09 12:13:46 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/09 12:12:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/09 12:11:55 | 1408,737,280 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/09 10:18:10 | 000,224,896 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/10/09 10:18:10 | 000,092,008 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/10/09 10:18:09 | 001,041,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/10/09 10:18:07 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/10/09 10:18:06 | 000,307,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/10/09 10:18:06 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/10/09 10:18:06 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/10/09 10:18:04 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/10/09 10:18:03 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/10/09 10:12:45 | 004,862,664 | ---- | M] (AVAST Software) -- C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
[2014/10/09 07:13:27 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/10/07 02:35:44 | 000,047,283 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1506000.020\VT20141006.018
[2014/10/06 08:30:05 | 001,938,959 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1506000.020\Cat.DB
[2014/10/05 21:27:20 | 000,001,247 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2014/10/05 20:58:00 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\Audacity.lnk
[2014/10/02 21:54:53 | 000,002,463 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2014/10/02 07:57:49 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2014/09/29 10:58:42 | 000,799,850 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/29 10:58:42 | 000,674,096 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/29 10:58:42 | 000,127,162 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/27 21:38:15 | 000,053,535 | ---- | M] () -- C:\Users\Philip\Desktop\food stamps.JPG
[2014/09/27 18:42:35 | 000,002,237 | ---- | M] () -- C:\Users\Philip\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/09/27 11:42:17 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/09/27 10:24:49 | 000,044,902 | ---- | M] () -- C:\Users\Philip\Desktop\Kisses.JPG
[2014/09/26 16:33:06 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2014/09/26 16:33:06 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014/09/26 16:33:06 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPhilip.job
[2014/09/26 12:38:07 | 000,006,068 | ---- | M] () -- C:\Users\Philip\Documents\cc_20140926_123745.reg
[2014/09/21 06:32:13 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1506000.020\isolate.ini
[2014/09/19 09:03:49 | 000,463,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/09/18 14:41:53 | 000,001,055 | ---- | M] () -- C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/09/12 23:27:48 | 000,791,972 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== Files Created - No Company Name ==========
 
[2014/10/09 11:10:48 | 000,001,968 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/10/09 10:18:32 | 000,224,896 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/10/09 10:18:30 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/10/09 10:18:24 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/10/05 20:57:58 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\Audacity.lnk
[2014/10/05 20:57:54 | 000,000,977 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2014/10/02 07:57:49 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2014/09/27 21:38:13 | 000,053,535 | ---- | C] () -- C:\Users\Philip\Desktop\food stamps.JPG
[2014/09/27 11:42:17 | 000,002,237 | ---- | C] () -- C:\Users\Philip\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/09/27 11:42:17 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/09/27 11:39:42 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/27 11:39:40 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/27 10:24:37 | 000,044,902 | ---- | C] () -- C:\Users\Philip\Desktop\Kisses.JPG
[2014/09/26 12:38:02 | 000,006,068 | ---- | C] () -- C:\Users\Philip\Documents\cc_20140926_123745.reg
[2014/06/14 09:44:22 | 000,010,540 | ---- | C] () -- C:\Users\Philip\AppData\Local\rx_audio.Cache
[2013/12/08 10:28:08 | 000,000,094 | ---- | C] () -- C:\Users\Philip\AppData\Local\fusioncache.dat
[2013/10/27 15:36:44 | 000,000,000 | ---- | C] () -- C:\Windows\DVEdit.INI
[2013/10/23 09:49:05 | 000,000,030 | ---- | C] () -- C:\Windows\GeoDebug61.ini
[2013/10/23 09:47:00 | 000,000,024 | ---- | C] () -- C:\Windows\ocx_temp.ini
[2013/10/23 09:46:13 | 000,480,256 | ---- | C] () -- C:\Windows\VISCA.dll
[2013/10/23 09:46:13 | 000,253,952 | ---- | C] () -- C:\Windows\JxIni.dll
[2013/10/23 09:46:13 | 000,211,968 | ---- | C] ( ) -- C:\Windows\GV_AccessIni_Memory.dll
[2013/10/23 09:46:12 | 000,243,200 | ---- | C] () -- C:\Windows\GV_GeoPTZini.dll
[2013/05/20 07:06:55 | 000,000,000 | ---- | C] () -- C:\ProgramData\38213a382622542039_c
[2013/05/17 14:35:23 | 000,207,062 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2013/05/17 14:35:23 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2013/04/26 16:53:44 | 000,000,258 | RHS- | C] () -- C:\Users\Philip\ntuser.pol
[2013/04/20 20:25:06 | 001,756,336 | ---- | C] () -- C:\Users\Philip\AppData\Local\rx_image.Cache
[2013/04/05 11:44:07 | 000,004,096 | -H-- | C] () -- C:\Users\Philip\AppData\Local\keyfile3.drm
[2013/03/30 14:18:16 | 000,206,946 | ---- | C] () -- C:\Windows\hpoins46.dat
[2013/03/17 18:36:52 | 000,165,027 | ---- | C] () -- C:\Windows\hpoins13.dat
[2013/03/17 18:36:52 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat
[2013/03/16 14:57:08 | 000,014,848 | ---- | C] () -- C:\Users\Philip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/15 17:23:04 | 000,124,264 | R--- | C] () -- C:\Windows\SysWow64\mp3dec.dll
[2013/03/15 17:23:04 | 000,081,920 | R--- | C] () -- C:\Windows\SysWow64\dsp_trc.dll
[2013/03/15 17:23:04 | 000,010,600 | R--- | C] () -- C:\Windows\SysWow64\IcdSptSvps.dll
[2013/03/14 18:30:59 | 000,000,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2013/03/14 14:29:28 | 000,791,972 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/10/05 22:19:26 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Audacity
[2014/10/09 11:56:49 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\AVAST Software
[2014/01/29 18:08:33 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Blackboard
[2013/12/16 12:02:24 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\com.amazon.music.uploader
[2014/10/09 12:15:49 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Dropbox
[2014/07/28 21:43:06 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Garmin
[2014/01/22 22:31:57 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\IObit
[2014/10/01 21:35:12 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\MyTurboPC.com
[2013/05/20 07:07:59 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\NewspaperDirect
[2013/04/03 23:09:38 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Oberon Media
[2014/07/28 16:55:27 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Oracle
[2013/03/14 01:00:57 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\PictureMover
[2014/09/24 13:14:15 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\ProductData
[2013/09/16 08:55:27 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Scribus
[2013/03/14 15:50:50 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Skinux
[2013/03/31 21:33:23 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Visan
[2014/09/24 13:14:10 | 000,000,000 | ---D | M] -- C:\Users\Philip\AppData\Roaming\Wondershare
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Philip\Documents\Untitled2.wma:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Philip\Documents\Garmin:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Philip\Documents\Fax:Roxio EMC Stream
@Alternate Data Stream - 364 bytes -> C:\ProgramData\Temp:F2721624
 
< End of report >

  • 0

#8
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Quite an improvement! :thumbsup:

 

 

Defender part of Win7 is running, also Avast is running, and Norton Internet Security is running.

 

Tend to this as quickly as you can. While two or more a/v's are running, it's effectively the same as having none running. :X

 

 

The 'proxy' problem seems to disappeared.

 

Yes, I see that too in the log, yet I'm still not happy with the way Chrome looks. How about Reseting Chrome using the instructions on this page https://support.goog...296214?hl=en-GB

 

Let me know if that fixes the extra Tab. On the surface it's no big deal, but it hints strongly at significant underlying issues.

 

If the Tab is gone, then move on to these final scans. If not, hold off on MBAM and ESET and let me know.

 

We'll search for some remnants that might be hiding.
 
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the progam and select update
 
  • Once it has updated select Settings > Detection and Protection >Tick Scan for rootkits

MBAMsettings.JPG

 
  • Go back to the Dashboard and select Scan Now

MBAMScan.JPG

 
  • If threats are detected, click the Apply Actions button, MBAM will ask for a reboot

MBAMReboot.JPG

 
  • On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop.

MBAMLog.JPG

 
Please post that log for my review.

 

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.

If using Internet Explorer:


  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.

To perform the scan:


  • Make sure that Remove found threats is checked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!

 

 

 

I have a few of these problems on my Laptop also: thought I would remove MBAM, IOBIT, run OTL and then open a new ticket on that one or should I stick to this discussion here? Either way it will be a few days before I can get to that PC.

 

Since it's a different machine, go ahead and open a different ticket.


  • 0

#9
pnavce

pnavce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
This one did not give me a log file, but diligent search found it, the only one in the programs directory for this program.
Malwarebytes Anti-Malware 2.0.2.1012
 
Improvements:
•   Changed some of the terminology used in scan results and scan logs to make them clearer
•   Enabling or disabling self-protection should now be more responsive under most circumstances
•   Each language name is now listed in its native tongue rather than being translated to make switching languages easier
•   Blank window is no longer observed flashing on screen during startup and shut down of system when Malwarebytes Anti-Malware is running in the tray on Windows Vista and newer operating systems
 
Issues Fixed:
•   Several crashes and BSOD issues fixed with rootkit scanning
•   Scan speed improved with rootkit scanning enabled under some circumstances
•   Rootkit scans should no longer hang indefinitely under certain conditions
•   Compatibility issues with certain VPN client software fixed
•   Protection no longer fails to start after upgrade under some circumstances when self-protection is active prior to upgrading
•   Entire General Settings tab now responds to clicks correctly
•   Several issues with Access Policy restrictions not restricting access as they should
•   Editing the Access Policy password no longer results in restricted areas of the software being inaccessible when the correct password is entered
•   Access Policy feature now functions when Bitdefender Total Security is installed
•   Manual scan of individual files and folders using context menu scan feature in Explorer no longer results in the scan failing to run under certain circumstances
•   Green checkmark status is no longer indicated when Malwarebytes Anti-Malware is unable to reach update servers when attempting to update
•   Text is no longer cutoff in the UI on Windows XP or when the 'Classic' theme is used on Windows 7
•   Scan time is now reflected accurately at the end of a scan
•   Quarantined objects remain listed correctly in Limited User Accounts when restoration of an object fails due to lack of permissions
•   Some words in UI which were not translated into non-English languages now are when those languages are selected
•   Driver left behind during uninstallation of Malwarebytes Anti-Malware is now removed as it should be when the product is uninstalled
 
WOW this took six hours to run
[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=720d2201b58bed4ba3b1124afc76e413
# engine=20523
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-10 12:54:48
# local_time=2014-10-09 08:54:48 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton Internet Security'
# compatibility_mode=3597 16777213 100 100 0 175409073 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 164445938 0 0
# scanned=410211
# found=7
# cleaned=7
# scan_time=15276
sh=50A6CE80D199927A4D387A871E1196C852D48CCA ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Philip\AppData\Local\CRE\jnidgldcbakaidffpjinopjbmobecifb.crx.vir"
sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb\10.31.4.510_0\APISupport\APISupport.dll.vir"
sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe.vir"
sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb\10.31.4.510_0\plugins\ChromeApiPlugin.dll.vir"
sh=117AB57253AF6C3F973D4420962C1308E0D2563E ft=1 fh=a671bc82a2b158e8 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\MSI60DF.tmp"
sh=373AD1485924193C6AAEC83293DC4D41FBBB5B03 ft=1 fh=efca26f8c77d3d10 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\MSI8CE7.tmp"
sh=373AD1485924193C6AAEC83293DC4D41FBBB5B03 ft=1 fh=efca26f8c77d3d10 vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows\Installer\MSIC70B.tmp"
 

Think I will go to bed now.


  • 0

#10
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

WOW this took six hours to run

 

ESET is a great, Deep Scanning tool, but an odd one in that sometimes if finishes within minutes and other times it takes...6 Hours.

 

I used to have a line in my canned about the length of time, but a lot of the recent scans took only minutes, so I removed it. I guess I need to put the warning back.

 

In any case, unless you have questions or issues, I think I will send you on your way!

 

I will also remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Good news ----- Your log appears clean xthumbsup.gif.pagespeed.ic.7aXFW0A4z_.pn

A good workman always cleans up after himself so..The following piece of code will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix

delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransom-ware. (This is really important!)

CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean. Same with ESET, but in your case let it run over night while you sleep ;)

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe wavey.gif.pagespeed.ce.4AQn4GwL8t.gif

 

If you have any questions or further problems, feel free to stop back xsmile.png.pagespeed.ic.CwSpBGGvqN.png It's been a pleasure!!

 


  • 0

#11
pnavce

pnavce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

OK thanks a million - do those remaining tasks and run it for a couple of days and report back good or bad. Pretty busy elsewhere right now so not much time for PC stuff. 

 

Again thanks

Phil


  • 0

#12
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Take care!!! :wave:


  • 0

#13
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP