PC start up takes 3-6 minutes,
Chrome takes another 5-7 minutes,
Something is continually changing settings so it is looking for a 'proxy server',
Downloading is pretty slow but uploading is slower than a snail,
Here is my OTL.exe log
Very sorry that it has taken so long to respond to your request.
Occasionally we get very, very busy and that is the case now.
However, I do have time and desire.
Do you still need help or have you resolved your issue?
The issues are still there, especially the trying to force my browser through a proxy which I don't use (have to change settings every time I restart my PC). It is also still slow. Going to bed, will check back tomorrow.
Hi,
Ok, let's get to work.
You've got a lot going on here (all fixable), but I'm going to take it in pieces. Just to address your initial concerns of the browser and the Proxy, yes I see it. Make sure you've got all your Bookmarks backed up before you start my fixes.
You have a significant amount of infections and issues with IE, FF and Chrome. I'm going to try and solve these Browser issues gently, but I may have to come back and write a custom fix to remove the bad lines.
Let's try a reset of each first. Let's just reset IE first. These instructions may not be exactly correct, but it should get you close and I think you can intuit the remainder.
I don't want to potentially break all your Browsers, so let's leave Chrome and FF for next time.
To reset Internet Explorer settings
■Close all Internet Explorer and Windows Explorer windows that are currently open.
■Reopen Internet Explorer.
■Click the Tools button, and then click Internet options.
■Click the Advanced tab, and then click Reset. ...
■In the Reset Internet Explorer Settings dialog box, click Reset.
Reboot the machine and see if IE works and doesn't bug you about the Proxy. Let me know and regardless, continue with the OTL fix.
Fix with OTL
Please re-run OTL with this removal script included.
This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
:COMMANDS
[SETRESTOREPOINT]
:OTL
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4153492D-4700-A76A-76A7-7A786E7484D7} - No CLSID value found.
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
:COMMANDS
[RESETHOSTS]
[EMPTYTEMP]
[REBOOT]
Please include the content of this logfile in your next reply.
Scan with ZOEK
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
createsrpoint; process; services-list; systemspecs; startupall; skipfix-iedefaults; firefoxlook; chromelook; filesrcm; installedprogs;
Post its content into your next reply.
While I'm working through the logs that you post back for me, be thinking about the following. You have MBAM, Norton and IOBIT installed and running on your machine. Individually, each consumes quite a bit of system resources. Imagine what all three are doing. My suggestion (and it's only a suggestion) is to uninstall MBAM and run it "on-demand" (a couple of times a month). There's very little upside to having it installed. I feel the same about IOBIT/Registry Cleaners. Have a read here http://miekiemoes.bl...weaking_13.html. Norton...slow, cumbersome, expensive. Maybe, with MBAM and IOBIT gone, the machine will do ok with Norton. I know you paid for it and you want to get your money's worth, however, for an a/v, Defender (free) and Avast (free) do as good or better a job and they don't hog system resources.
Ok, that's my opinion. Let me know your thoughts.
OK, yesterday gone all day- I had done a couple of things while waiting for your first response. So I will be posting a little extra this time, just to ensure you see all that is going on.
OTL log (10092014_071320.log) (Oct 9th)
ADW log from Oct 4th (I think)
ADW log from Oct 9th (after the OTL script run)
JRT log from Oct 4th (I think)
JRT log from Oct 9th (after the OTL script run)
ZOEK-result
I have wondered about all those programs running at the same time but didn't have crashes or blue screens so I figured live with the slow. Then that got beyond my patience so I found you guys. Now I agree, I will leave Norton on, get rid of MBAM and IOBIT. But will take your advice and run MBAM once a month for safety sake. Will be installing Defender and Avast. If Norton should also be removed then I will as the money is not the problem - it is all the time wasted waiting for a slow machine.
(OTL today)
All processes killed
========== COMMANDS ==========
Error: Unable to interpret <[SETRESTOREPOINT]> in the current context!
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4153492D-4700-A76A-76A7-7A786E7484D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4153492D-4700-A76A-76A7-7A786E7484D7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25510184-5A38-4A99-B273-DCA8EEF6CD08}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: dub_cm_auto
User: Philip
->Temp folder emptied: 485819209 bytes
->Temporary Internet Files folder emptied: 29102962 bytes
->Java cache emptied: 23189065 bytes
->FireFox cache emptied: 14923168 bytes
->Google Chrome cache emptied: 89195437 bytes
->Flash cache emptied: 68631 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9348453 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42289467 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 662.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 10092014_071320
Files\Folders moved on Reboot...
C:\Users\Philip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PQGRFU15\cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw[1].woff moved successfully.
C:\Users\Philip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PQGRFU15\k3k702ZOKiLJc3WVjuplzHhCUOGz7vYGh680lGh-uXM[1].woff moved successfully.
C:\Users\Philip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PQGRFU15\PRmiXeptR36kaC0GEAetxjqR_3kx9_hJXbbyU8S6IN0[1].woff moved successfully.
C:\Users\Philip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PQGRFU15\search[1].htm moved successfully.
C:\Users\Philip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PQGRFU15\xjAJXh38I15wypJXxuGMBobN6UDyHWBl620a-IRfuBk[1].woff moved successfully.
C:\Users\Philip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BP85JYEY\343964-win7-extremely-slow[1].htm moved successfully.
C:\Users\Philip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\Philip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Philip\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
(1st ADW run Oct 4th)
# AdwCleaner v3.311 - Report created 03/10/2014 at 14:04:38
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Philip - PHILIP-HP
# Running from : C:\Users\Philip\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Philip\AppData\Local\Conduit
Folder Deleted : C:\Users\Philip\AppData\Local\Slick Savings
Folder Deleted : C:\Users\Philip\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Philip\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Philip\AppData\Roaming\HPAppData
Folder Deleted : C:\Users\Philip\AppData\Roaming\Strongvault
Folder Deleted : C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default\Smartbar
Folder Deleted : C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen
Folder Deleted : C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnidgldcbakaidffpjinopjbmobecifb
File Deleted : C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi
File Deleted : C:\Users\Philip\AppData\Local\CRE\jnidgldcbakaidffpjinopjbmobecifb.crx
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default\user.js
***** [ Scheduled Tasks ] *****
Task Deleted : RocketTab Update Task
Task Deleted : RocketTab
Task Deleted : Update Service YourFileDownloader
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKCU\Software\Google\Chrome\Extensions\jnidgldcbakaidffpjinopjbmobecifb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jnidgldcbakaidffpjinopjbmobecifb
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\supreme savings-bg_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\supreme savings-bg_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\RocketTabInstalled
Key Deleted : HKCU\Software\Search Extensions
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\RocketTab
Key Deleted : HKLM\SOFTWARE\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RocketTab
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17280
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v30.0 (en-US)
[ File : C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default\prefs.js ]
Line Deleted : user_pref("CT3268934.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3268934.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM (Cou...\",\"description\":\"1.FM (Country)\",\"url\":\"hxxp://1.fm/wm/energycountry32k.asx\"}");
Line Deleted : user_pref("CT3268934.1000234.TWC_TMP_city", "OCALA");
Line Deleted : user_pref("CT3268934.1000234.TWC_TMP_country", "US");
Line Deleted : user_pref("CT3268934.1000234.TWC_country", "UNITED STATES");
Line Deleted : user_pref("CT3268934.1000234.TWC_locId", "USFL0355");
Line Deleted : user_pref("CT3268934.1000234.TWC_location", "Ocala, FL");
Line Deleted : user_pref("CT3268934.1000234.TWC_region", "US");
Line Deleted : user_pref("CT3268934.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT3268934.1000234.TWC_wind_dis", "mph");
Line Deleted : user_pref("CT3268934.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3268934.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3268934.FF19Solved", "true");
Line Deleted : user_pref("CT3268934.FirstTime", "true");
Line Deleted : user_pref("CT3268934.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3268934.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3268934.autoDisableScopes", -1);
Line Deleted : user_pref("CT3268934.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3268934.cbfirsttime", "%DD%EB%EA%A6%D0%E7%F4%A6%B8%BF%A6%B8%B6%B7%BA%A6%B7%BC%C0%BA%B9%C0%BA%BF%A6%CD%D3%DA%B3%B6%BB%B6%B6%A6%AE%CB%E7%F9%FA%EB%F8%F4%A6%D9%FA%E7%F4%EA%E7%F8%EA%A6%DA%EF%F[...]
Line Deleted : user_pref("CT3268934.cbfirsttime.enc", "V2VkIEphbiAyOSAyMDE0IDE2OjQzOjQ5IEdNVC0wNTAwIChFYXN0ZXJuIFN0YW5kYXJkIFRpbWUp");
Line Deleted : user_pref("CT3268934.defaultSearch", "true");
Line Deleted : user_pref("CT3268934.embeddedsData", "[{\"appId\":\"129991104031171027\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3268934.enableAlerts", "true");
Line Deleted : user_pref("CT3268934.enableFix404ByUser", "TRUE");
Line Deleted : user_pref("CT3268934.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3268934.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3268934.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3268934.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3268934.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3268934.fixUrls", true);
Line Deleted : user_pref("CT3268934.installDate", "4/6/2013 19:21:49");
Line Deleted : user_pref("CT3268934.installId", "conduitinstaller.exe");
Line Deleted : user_pref("CT3268934.installSessionId", "-1");
Line Deleted : user_pref("CT3268934.installSp", "TRUE");
Line Deleted : user_pref("CT3268934.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3268934.installUsage", "2014-01-30T00:42:58.1443109+03:00");
Line Deleted : user_pref("CT3268934.installUsageEarly", "2014-01-30T00:42:55.8354517+03:00");
Line Deleted : user_pref("CT3268934.installerVersion", "1.4.2.3");
Line Deleted : user_pref("CT3268934.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3268934.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3268934.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3268934.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3268934.keyword", "true");
Line Deleted : user_pref("CT3268934.lastVersion", "10.16.2.9");
Line Deleted : user_pref("CT3268934.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3268934.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fbanner.lssc.edu%2Fprod%2Ftwbkwbis.P_Logout\",\"EB_MAIN_FRAME_TITLE\":\"User%20Logout%20\",\"EB_SEARCH_TERM\":\"\",\[...]
Line Deleted : user_pref("CT3268934.openThankYouPage", "false");
Line Deleted : user_pref("CT3268934.openUninstallPage", "true");
Line Deleted : user_pref("CT3268934.originalHomepage", "hxxp://search.yahoo.com?type=937811&fr=spigot-yhp-ff");
Line Deleted : user_pref("CT3268934.originalSearchAddressUrl", "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p=");
Line Deleted : user_pref("CT3268934.originalSearchEngine", "Yahoo");
Line Deleted : user_pref("CT3268934.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3268934.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3268934.search.searchAppId", "129991104031171027");
Line Deleted : user_pref("CT3268934.search.searchCount", "0");
Line Deleted : user_pref("CT3268934.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3268934.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3268934.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3268934.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3268934.searchRevert", "false");
Line Deleted : user_pref("CT3268934.searchUserMode", "2");
Line Deleted : user_pref("CT3268934.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3268934.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3268934.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3268934.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3268934\"}");
Line Deleted : user_pref("CT3268934.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://Vgrabberv11.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3268934.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Vgrabber v1\"}");
Line Deleted : user_pref("CT3268934.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3268934.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1408901064863");
Line Deleted : user_pref("CT3268934.serviceLayer_services_appsMetadata_lastUpdate", "1408900949485");
Line Deleted : user_pref("CT3268934.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1408901064897");
Line Deleted : user_pref("CT3268934.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1391031779474");
Line Deleted : user_pref("CT3268934.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1391031782915");
Line Deleted : user_pref("CT3268934.serviceLayer_services_location_lastUpdate", "1408901065433");
Line Deleted : user_pref("CT3268934.serviceLayer_services_login_10.16.2.9_lastUpdate", "1408901064815");
Line Deleted : user_pref("CT3268934.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1408901064927");
Line Deleted : user_pref("CT3268934.serviceLayer_services_searchAPI_lastUpdate", "1408901065510");
Line Deleted : user_pref("CT3268934.serviceLayer_services_serviceMap_lastUpdate", "1408901064798");
Line Deleted : user_pref("CT3268934.serviceLayer_services_toolbarContextMenu_lastUpdate", "1408901064871");
Line Deleted : user_pref("CT3268934.serviceLayer_services_toolbarSettings_lastUpdate", "1408900949657");
Line Deleted : user_pref("CT3268934.serviceLayer_services_translation_lastUpdate", "1408901064768");
Line Deleted : user_pref("CT3268934.settingsINI", true);
Line Deleted : user_pref("CT3268934.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3268934.showToolbarPermission", "false");
Line Deleted : user_pref("CT3268934.smartbar.CTID", "CT3268934");
Line Deleted : user_pref("CT3268934.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3268934.smartbar.homepage", "true");
Line Deleted : user_pref("CT3268934.smartbar.toolbarName", "Vgrabber v1 ");
Line Deleted : user_pref("CT3268934.startPage", "true");
Line Deleted : user_pref("CT3268934.toolbarBornServerTime", "30-1-2014");
Line Deleted : user_pref("CT3268934.toolbarCurrentServerTime", "24-8-2014");
Line Deleted : user_pref("CT3268934.toolbarLoginClientTime", "Wed Jan 29 2014 16:43:02 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT3268934.versionFromInstaller", "10.16.2.9");
Line Deleted : user_pref("CT3268934_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1409343490271,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3268934");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Vgrabber v1 Customized Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.only-search.com/?babsrc=HP_kms&affID=129428&tt=020914_onst&mntrid=345900FFFF1FF7EB&tsp=5362");
Line Deleted : user_pref("extensions.searchads.insertDomains", "{\"www.only-search.com\":1}");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3268934");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3268934&CUI=UN22405539101977167&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3268934&octid=CT3268934&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268934&SearchSource=2&CUI=UN22405539101977167&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3268934");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3268934");
Line Deleted : user_pref("smartbar.machineId", "QV9F2/B/U6QALKVQGMC/FRE4TBBWN9X0IM5SJHKNTKKTLQ/N45OCSA5CLTQYS7DYAAAONUZDZX0VST5VUAGXVA");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3268934&CUI=UN22405539101977167&UM=2&SearchSource=13");
Line Deleted : user_pref("startpage.ntsearch_url", "hxxps://search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=937811&p={searchTerms}");
-\\ Google Chrome v37.0.2062.124
[ File : C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN23242531695711164&ctid=CT3268935&UM=2
Deleted [Search Provider] : hxxp://asksearch.ask.com/redirect?client=cr&src=kw&tb=BCPA1&o=APN10474&itbv=11.8.1.231&doi=2013-05-02&locale=en_US&apn_uid=3D50ECDE-69AE-4A94-92B8-AD88BE5175A5&apn_ptnrs=^AKZ&apn_dtid=^YYYYYY^YY^US&apn_dbr=cr_26.0.1410.64&&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN23242531695711164&ctid=CT3268935&UM=2&UP=SP7E908C67-2783-46BB-96B2-A470C77F0B59&SSPV=
Deleted [Search Provider] : hxxp://www.only-search.com/?babsrc=SP_kms&affID=129428&tt=020914_onst&mntrid=345900FFFF1FF7EB&tsp=5362&q={searchTerms}
Deleted [Search Provider] : hxxp://search.v9.com/web/?type=dspp&ts=1403629024&from=tugs&uid=ST9250410AS_5VG4BEWZ&i=psd&t=344a0cac1&q={searchTerms}
Deleted [Search Provider] : hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=pb2&t=c0120&sp=addr&q={searchTerms}
*************************
AdwCleaner[R0].txt - [26446 octets] - [03/10/2014 13:59:19]
AdwCleaner[S0].txt - [27820 octets] - [03/10/2014 14:04:38]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [27881 octets] ##########
(Second ADW Oct 9th)
# AdwCleaner v3.311 - Report created 09/10/2014 at 07:49:02
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Philip - PHILIP-HP
# Running from : C:\Users\Philip\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
***** [ Scheduled Tasks ] *****
Task Deleted : RocketTab Update Task
Task Deleted : RocketTab
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\RocketTabInstalled
Key Deleted : HKCU\Software\Search Extensions
Key Deleted : HKLM\SOFTWARE\RocketTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RocketTab
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17280
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v30.0 (en-US)
[ File : C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default\prefs.js ]
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.only-search.com/?babsrc=HP_kms&affID=129428&tt=020914_onst&mntrid=345900FFFF1FF7EB&tsp=5362");
-\\ Google Chrome v37.0.2062.124
[ File : C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://www.only-search.com/?babsrc=SP_kms&affID=129428&tt=020914_onst&mntrid=345900FFFF1FF7EB&tsp=5362&q={searchTerms}
Deleted [Search Provider] : hxxp://search.v9.com/web/?type=dspp&ts=1403629024&from=tugs&uid=ST9250410AS_5VG4BEWZ&i=psd&t=344a0cac1&q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN23242531695711164&ctid=CT3268935&UM=2
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://asksearch.ask.com/redirect?client=cr&src=kw&tb=BCPA1&o=APN10474&itbv=11.8.1.231&doi=2013-05-02&locale=en_US&apn_uid=3D50ECDE-69AE-4A94-92B8-AD88BE5175A5&apn_ptnrs=^AKZ&apn_dtid=^YYYYYY^YY^US&apn_dbr=cr_26.0.1410.64&&q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=pb2&t=c0120&sp=addr&q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN23242531695711164&ctid=CT3268935&UM=2&UP=SP7E908C67-2783-46BB-96B2-A470C77F0B59&SSPV=
*************************
AdwCleaner[R0].txt - [26446 octets] - [03/10/2014 13:59:19]
AdwCleaner[R1].txt - [3071 octets] - [09/10/2014 07:42:15]
AdwCleaner[S0].txt - [27978 octets] - [03/10/2014 14:04:38]
AdwCleaner[S1].txt - [2821 octets] - [09/10/2014 07:49:02]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2881 octets] ##########
(First JRT run Oct 4th)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.7 (10.03.2014:1)
OS: Windows 7 Home Premium x64
Ran by Philip on Fri 10/03/2014 at 14:21:59.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-639460975-812874640-734877944-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnpip_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnpip_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LCTaskAssistant9_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LCTaskAssistant9_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\apnpip_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\apnpip_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LCTaskAssistant9_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LCTaskAssistant9_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D24C2116-C3A1-4C23-AB0D-48592409E429}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E036A19D-ADDA-4EDB-A48C-6EB3B5C33BCC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{AC4E08EF-2183-450E-B346-D4163BA55119}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Philip\appdata\local\cre"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Failed to delete: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ FireFox
Successfully deleted the following from C:\Users\Philip\AppData\Roaming\mozilla\firefox\profiles\ztmfvorq.default\prefs.js
user_pref("browser.startup.homepage", "hxxp://www.only-search.com/?babsrc=HP_kms&affID=129428&tt=020914_onst&mntrid=345900FFFF1FF7EB&tsp=5362");
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Philip\appdata\local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/03/2014 at 14:50:34.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(Second JRT run Oct 9th)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Home Premium x64
Ran by Philip on Thu 10/09/2014 at 8:04:54.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-639460975-812874640-734877944-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E036A19D-ADDA-4EDB-A48C-6EB3B5C33BCC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E9004766-02D9-486D-9039-AC1A3A664D31}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E9004766-02D9-486D-9039-AC1A3A664D31}
~~~ Files
Successfully deleted: [File] C:\Windows\prefetch\DRIVERBOOSTER.EXE-51D78DCC.pf
Successfully deleted: [File] "C:\Windows\wininit.ini"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Program Files (x86)\search extensions"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Folder] "C:\ai_recyclebin"
~~~ FireFox
Successfully deleted the following from C:\Users\Philip\AppData\Roaming\mozilla\firefox\profiles\ztmfvorq.default\prefs.js
user_pref("browser.startup.homepage", "hxxp://www.only-search.com/?babsrc=HP_kms&affID=129428&tt=020914_onst&mntrid=345900FFFF1FF7EB&tsp=5362");
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/09/2014 at 8:39:10.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(Oct 9th - ZOEK run)
Zoek.exe v5.0.0.0 Updated 07-October-2014
Tool run by Philip on Thu 10/09/2014 at 9:00:52.31.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Philip\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
10/9/2014 9:04:00 AM Zoek.exe System Restore Point Created Succesfully.
==== Installed Programs ======================
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.09)
Advanced SystemCare 7
AIO_Scan
ANT Drivers Installer x64
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ArcSoft Print Creations
Audacity 2.0.6
BufferChm
C4200
c4200_Help
CCleaner
CCScore
Copy
CyberLink DVD Suite Deluxe
D110
D3DX10
Destinations
DeviceDiscovery
Digital Voice Editor 3
DocProc
Dropbox
DVD Menu Pack for HP MediaSmart Video
Elevated Installer
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
fflink
Free PDF Solutions PDF to WORD version 1.0
Garmin Express
Garmin Express Tray
GeoVision ADPCM
GeoVision Audio
GeoVision H264
GeoVision JPEG
GeoVision MJPG
GeoVision MPEG4
GeoVision MPEG4 ASP
GeoVision MPEG4 AVC
GeoVision MXPG
Google Chrome
Google Update Helper
GPBaseService2
GPL Ghostscript
HP Advisor
HP Customer Experience Enhancements
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart SmartMenu
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Photo Creations
HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
HP Photosmart Essential 3.5
HP Setup
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Support Information
HP Update
HP Vision Hardware Diagnostics
HPAppStudio
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
IObit Malware Fighter
IObit Uninstaller
Java 7 Update 67
Java Auto Updater
Junk Mail filter update
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 2.0.2.1012
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Web Publishing Wizard 1.52
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 30.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyDVD-VR Recorder
netbrdg
Network64
Norton Internet Security
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
OCR Software by I.R.I.S. 13.0
OfotoXMI
PaperPort 8.0 SE
PhotoNow
PictureMover
PlayReady PC Runtime amd64
Pogoplug PC
Power2Go
PowerDirector
PS_AIO_07_D110_SW_Min
PS_AIO_Software_min
QuickTime 7
QuickTransfer
Realtek High Definition Audio Driver
Recovery Manager
Roxio CinemaNow 2.0
Roxio Easy Media Creator 9 Suite
Scribus 1.4.3
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition
SFR
SHASTA
skin0001
SKINXSDK
Smart Defrag 3
SmartWebPrinting
SolutionCenter
Sonic MyDVD-VR
Sound Organizer
staticcr
Status
Surfing Protection
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VD64Inst
VPRINTOL
WebReg
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WIRELESS
X264
Xingtone Ringtone Maker
XVID
YTD Video Downloader 4.8.5
==== Running Processes ======================
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Users\Philip\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Philip\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
==== Services (whitelist) ======================
Powered by E Dev
R2 - [ACDaemon] - ArcSoft Connect Daemon - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [HBAdmin] - HBAdmin - C:\Program Files (x86)\PogoplugPC\HBADMIN.EXE
R2 - [IMFservice] - IMF Service - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
R2 - [LightScribeService] - LightScribeService Direct Disc Labeling Service - "C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
R2 - [MBAMScheduler] - MBAMScheduler - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
R2 - [MBAMService] - MBAMService - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
R2 - [NIS] - Norton Internet Security - "C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\diMaster.dll" /prefetch:1
R2 - [nvsvc] - NVIDIA Display Driver Service - C:\Windows\system32\nvvsvc.exe
R2 - [RtkAudioService] - Realtek Audio Service - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [Garmin Core Update Service] - Garmin Core Update Service - "C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe"
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [LiveUpdateSvc] - LiveUpdate - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
S2 - [Roxio Upnp Server 9] - Roxio Upnp Server 9 - "C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe"
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [fsssvc] - Windows Live Family Safety Service - "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe"
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [IDriverT] - InstallDriver Table Manager - "C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /V
S3 - [Microsoft Office Groove Audit Service] - Microsoft Office Groove Audit Service - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe"
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [odserv] - Microsoft Office Diagnostics Service - "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
S3 - [ose] - Office Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [stllssvr] - stllssvr - "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe"
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S4 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
S4 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S4 - [wlcrasvc] - Windows Live Mesh remote connections service - "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe"
==== System Specs ======================
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 1792 MB
CPU Info: AMD Sempron 145 Processor
CPU Speed: 2838.9 MHz
Sound Card: Speakers (5- Rapoo Wireless Aud |
Speakers (Realtek High Definiti |
Display Adapters: NVIDIA GeForce 6150SE nForce 430 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1360 X 768 - 32 bit
Network: Network Present
Network Adapters: XCETAP0 Adapter | NVIDIA nForce 10/100 Mbps Ethernet
CD / DVD Drives: 1x (E: | ) E: hp CDDVDW TS-H653R
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 285.4GB | D: 12.5GB
Hard Disks - Free: C: 148.5GB | D: 1.5GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 08/16/32 | HPQOEM - 20100908
Time Zone: Eastern Standard Time
Motherboard *: PEGATRON CORPORATION 2A99
Country: United States
Language: ENU
==== System Specs (Software) ======================
Anti-Virus: Norton Internet Security On-access scanning disabled (Outdated)
Anti-Spyware: Norton Internet Security disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: IObit Malware Fighter disabled (Outdated)
Firewall: Norton Internet Security disabled
Internet Explorer Version: 11.0.9600.17280
Mozilla Firefox version: 30.0 (x86 en-US)
Google Chrome version: 37.0.2062.124
Adobe Reader version: 11.0.9.29
Sun Java version: 1.7.0_67 (32-bit)
Flash Player version: 15.0.0.152
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\Philip\AppData\Local\Temp ====
2014-10-09 11:59:16 4E566FEA83FCEEAF2873702806B55006 43008 ----a-w- C:\Users\Philip\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpklpkcl.dll
2014-10-08 19:32:23 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite74329.dll
2014-10-08 15:36:28 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite18033.dll
2014-10-07 19:43:16 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite64230.dll
2014-10-07 13:35:19 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite88055.dll
2014-10-07 01:35:20 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite65492.dll
2014-10-06 23:57:07 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite41027.dll
2014-10-06 23:22:48 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite66105.dll
2014-10-06 13:32:22 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite10694.dll
2014-10-06 12:47:43 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite53544.dll
2014-10-06 02:03:09 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite36345.dll
2014-10-06 01:27:55 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite15755.dll
2014-10-03 18:20:57 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\libiconv2.dll
2014-10-03 18:20:57 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\libintl3.dll
2014-10-03 18:20:57 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\pcre3.dll
2014-10-03 18:20:57 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\regex2.dll
2014-10-03 18:20:57 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-10-03 14:16:51 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite50578.dll
2014-10-03 02:00:59 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite50556.dll
2014-10-03 00:54:57 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite27273.dll
2014-10-02 18:43:21 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite53403.dll
2014-10-02 12:43:16 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite62800.dll
2014-10-02 12:10:06 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite82548.dll
2014-10-02 12:03:03 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite53464.dll
2014-10-02 02:16:48 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite82656.dll
2014-10-02 01:16:40 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite26437.dll
2014-10-01 19:13:59 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite62946.dll
2014-10-01 18:42:39 006CC8260405E231C2006A0CEA2127FD 1053184 ----a-w- C:\Users\Philip\AppData\Local\Temp\System.Data.SQLite.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-10-06 12:33:00 204882085A7D984D455AA4DE7B7074C6 5694464 ----a-w- C:\Windows\SysWOW64\mstscax.dll
2014-10-03 18:00:55 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\SysWOW64\sqlite3.dll
2014-10-03 01:31:07 AB5EFB103DB01C1912C9D2F545EA5621 17920 ----a-w- C:\Windows\SysWOW64\wksprtPS.dll
2014-10-03 01:31:07 8DEEE20D8D30E9B0FBDCA31E58A027BD 53248 ----a-w- C:\Windows\SysWOW64\tsgqec.dll
2014-10-03 01:31:06 4676AAA9DDF52A50C829FEDB4EA81E54 1068544 ----a-w- C:\Windows\SysWOW64\mstsc.exe
2014-10-03 01:31:06 2EFB1279E7BEA7D12D9F4D6508D27880 50176 ----a-w- C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-10-03 01:31:03 5E676B296B762E211D83B87635F2C330 855552 ----a-w- C:\Windows\SysWOW64\rdvidcrl.dll
2014-10-01 12:39:40 BBA80D3CAB22620A6AC9BB603386EE33 519680 ----a-w- C:\Windows\SysWOW64\qdvd.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-10-06 12:33:00 879A3F94118D686E63041A386FE91EBE 6574592 ----a-w- C:\Windows\Sysnative\mstscax.dll
2014-10-03 01:31:37 DDED7C5558B3AE09F568945281A9A6D1 44544 ----a-w- C:\Windows\Sysnative\TsUsbGDCoInstaller.dll
2014-10-03 01:31:13 FEC6178962DFF33074D39CA907971405 12800 ----a-w- C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyExtension.dll
2014-10-03 01:31:13 108C257D765AAD2E6EC46557DA0B02BD 13824 ----a-w- C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyControl.exe
2014-10-03 01:31:07 7BD2E6E2458A5B95F8341244C7FC7DD4 18944 ----a-w- C:\Windows\Sysnative\wksprtPS.dll
2014-10-03 01:31:07 5289A00E2D21BB3A7D6761646543ED5C 62976 ----a-w- C:\Windows\Sysnative\tsgqec.dll
2014-10-03 01:31:06 8E75B1112C374EBDF18FD640DA2F0655 1147392 ----a-w- C:\Windows\Sysnative\mstsc.exe
2014-10-03 01:31:06 79EE5ECB4BE89343E4CF1E48F7769F59 420864 ----a-w- C:\Windows\Sysnative\wksprt.exe
2014-10-03 01:31:06 149A388C17F04AD1F99B477A43BE1A9F 56832 ----a-w- C:\Windows\Sysnative\MsRdpWebAccess.dll
2014-10-03 01:31:06 0D2C2FAC4F29B5868D39B7267058CFEF 83968 ----a-w- C:\Windows\Sysnative\TSWbPrxy.exe
2014-10-03 01:31:03 A4420969E5AB94856E5C0C02E6099D3F 1057280 ----a-w- C:\Windows\Sysnative\rdvidcrl.dll
2014-10-01 12:39:40 8D46C7BCDF7FBAAC8666D6640ADA930E 371712 ----a-w- C:\Windows\Sysnative\qdvd.dll
2014-09-26 16:34:37 7808C3324C3F94625A15EC01E73B5587 6214 ----a-w- C:\Windows\Sysnative\startup.txt
====== C:\Windows\Sysnative\drivers =====
2014-10-03 01:31:13 E9981ECE8D894CEF7038FD1D040EB426 56832 ----a-w- C:\Windows\Sysnative\drivers\TsUsbFlt.sys
2014-09-27 22:04:10 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-09-27 22:02:51 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-09-27 22:02:51 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-09-27 22:02:51 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
====== C:\Windows\Tasks ======
2014-10-02 03:14:02 0D0250E4026944D1A67A4DFD54C0E6AD 2856 ----a-w- C:\Windows\Sysnative\Tasks\Driver Booster SkipUAC (Philip)
2014-09-27 15:39:42 D7C0E4D849E73E05D65946C01E43DBC6 898 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-27 15:39:42 03663888A10E67F464A7808BBC66AE3F 3894 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA
2014-09-27 15:39:41 DF6248CC3778928C342704429DF3D75D 3642 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore
2014-09-27 15:39:40 DCB769D4EA5AD3F800E20B77532E7E63 894 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-18 19:49:22 DDD0E7DAB5A20204FB98CA302CBD1801 3170 ----a-w- C:\Windows\Sysnative\Tasks\SmartDefrag3_Startup
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-09-24 15:57:25 -------- d-----w- C:\Program Files\Wondershare
======= C:\PROGRA~2 =====
2014-10-06 00:57:46 -------- d-----w- C:\PROGRA~2\Audacity
2014-09-24 18:05:55 -------- d-----w- C:\PROGRA~2\Free PDF Solutions
2014-09-24 15:58:57 -------- d-----w- C:\PROGRA~2\COMMON~1\Wondershare
======= C: =====
2014-10-02 11:57:49 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\asc_rdflag
====== C:\Users\Philip\AppData\Roaming ======
2014-10-06 00:58:22 -------- d-----w- C:\Users\Philip\AppData\Roaming\Audacity
2014-10-02 01:35:12 -------- d-----w- C:\Users\Philip\AppData\Roaming\MyTurboPC.com
2014-09-28 13:20:21 -------- d-----w- C:\Users\Default\AppData\Roaming\IObit
2014-09-28 13:20:21 -------- d-----w- C:\Users\Default User\AppData\Roaming\IObit
2014-09-24 15:59:00 -------- d-----w- C:\Users\Philip\AppData\Local\Wondershare
2014-09-24 15:57:33 -------- d-----w- C:\Users\Philip\AppData\Roaming\Wondershare
2014-09-24 12:24:43 -------- d-----w- C:\Users\Philip\AppData\Local\Microsoft Corporation
====== C:\Users\Philip ======
2014-10-09 12:03:07 7BC1685F75F0A1FC33E060B19F761AA5 1705755 ----a-w- C:\Users\Philip\Desktop\JRT_NEW.exe
2014-10-06 01:22:11 A8B8CC8342DC3AFFEAEABF0E9229D62F 11449712 ----a-w- C:\Users\Philip\Downloads\YTDSetup.exe
2014-10-06 00:51:41 79943BE44F8288EDC375E3599331F8FF 22892794 ----a-w- C:\Users\Philip\Downloads\audacity-win-2.0.6.exe
2014-10-03 19:06:31 D40E7B5FBB8E0EAA7C5C294389AF95AB 4181856 ----a-w- C:\Users\Philip\Downloads\tdsskiller.exe
2014-10-03 18:55:27 FCCD0F6A733248E8F624B9FE813F0324 1944824 ----a-w- C:\Users\Philip\Downloads\rkill.exe
2014-10-03 18:19:59 D7B7185D27C5945BD0D212F6240F0E95 1702068 ----a-w- C:\Users\Philip\Downloads\JRT.exe
2014-10-03 17:57:19 12EFD5FA51597F188E5DB50BE20EE597 1375089 ----a-w- C:\Users\Philip\Downloads\AdwCleaner.exe
2014-10-02 04:31:59 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Philip\Downloads\OTL.exe
2014-10-02 01:34:38 -------- d-----w- C:\ProgramData\MyTurboPC.com
2014-10-02 01:31:36 09B1108E37CD9B478BFC89B6C2B369EC 6312160 ----a-w- C:\Users\Philip\Downloads\myturbopc.exe
2014-09-27 15:42:18 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-24 18:05:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PDF Solutions
2014-09-24 15:54:52 -------- d-----w- C:\Users\Public\Documents\Wondershare
====== C: exe-files ==
2014-10-06 00:57:47 0F811A4F6DBE9E47AA82C90582F4C258 8119808 ----a-w- C:\Program Files (x86)\Audacity\audacity.exe
2014-10-06 00:57:47 0B8759BC2E43E1D504F67BB7F1BA70D5 1484489 ----a-w- C:\Program Files (x86)\Audacity\unins000.exe
=== C: other files ==
2014-10-03 18:20:56 F56A319979F631C141F5FF02DF87FDB1 43563 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\prelim.bat
2014-10-03 18:20:56 E01FF880FC345F56C61E80C91FA03687 9384 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\runvalues.bat
2014-10-03 18:20:56 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\TDL4.bat
2014-10-03 18:20:56 BAA93E9D365730B1DACB94CE2B5DDF05 188476 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\misc.bat
2014-10-03 18:20:56 AA0C656F898523BEDF2DA6923197BB80 1264 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\surfvox.bat
2014-10-03 18:20:56 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\searchlnk.bat
2014-10-03 18:20:56 4D80C7010E2CE44AB25FA25B013649E4 8085 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\mws.bat
2014-10-03 18:20:55 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\medfos.bat
2014-10-03 18:20:55 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\firefox.bat
2014-10-03 18:20:55 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\ev_clear.bat
2014-10-03 18:20:55 654E9FE74B930A454EE5BDE165794B65 85 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\delorphans.bat
2014-10-03 18:20:55 3A40BCC137EC34F9C8584B1E8D3F96AC 14957 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\get.bat
2014-10-03 18:20:55 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\ask.bat
2014-10-03 18:20:55 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\iexplore.bat
2014-10-03 18:20:55 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\delfolders.bat
2014-10-03 18:20:55 033C39EE1AA271C9DC11FC486ED20C64 14144 ----a-w- C:\Users\Philip\AppData\Local\Temp\jrt\chrome.bat
==== Startup Registry Enabled ======================
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 7"="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /Auto"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 7"="C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /Auto"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft..../?LinkID=122915 /build:7601"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft..../?LinkID=122915 /build:7601"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IObit Malware Fighter"="C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe /autostart"
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ArcSoft Connection Service]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ArcSoft Connection Service"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\ArcSoft\\Connection Service\\Bin\\ACDaemon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DMXLauncher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DMXLauncher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Roxio\\Media Experience\\DMXLauncher.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarminExpressTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GarminExpressTrayApp"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Garmin\\Express Tray\\ExpressTray.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HPAdvisorDock]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPAdvisorDock"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Hewlett-Packard\\HP Advisor\\DOCK\\HPAdvisorDock.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpqSRMon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpqSRMon"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\HP\\Digital Imaging\\bin\\hpqSRMon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpsysdrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpsysdrv"
"hkey"="HKLM"
"command"="c:\\program files (x86)\\hewlett-packard\\HP odometer\\hpsysdrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IndexSearch]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IndexSearch"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Scansoft\\PaperPort\\IndexSearch.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSPM"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -scheduler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSPM Startup"
"hkey"="HKLM"
"command"="c:\\PROGRA~2\\COMMON~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSScheduler"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LightScribe Control Panel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LightScribe Control Panel"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PogoplugPC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PogoplugPC"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\PogoplugPC\\ppserver.exe\" --starthidden"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoxWatchTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RoxWatchTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxWatchTray9.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDVCPL"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe\" -s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartMenu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SmartMenu"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\HP MediaSmart\\SmartMenu.exe /background"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Reminder.lnk]
"item"="Event Reminder"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Event Reminder.lnk"
"backup"="C:\\Windows\\pss\\Event Reminder.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\Program Files (x86)\\The Print Shop 23\\Remind.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"item"="HP Digital Imaging Monitor"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\Windows\\pss\\HP Digital Imaging Monitor.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\Hp\\DIGITA~1\\bin\\hpqtra08.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"item"="Kodak EasyShare software"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Kodak EasyShare software.lnk"
"backup"="C:\\Windows\\pss\\Kodak EasyShare software.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk]
"item"="Snapfish PictureMover"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Snapfish PictureMover.lnk"
"backup"="C:\\Windows\\pss\\Snapfish PictureMover.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\PICTUR~1\\Bin\\PICTUR~1.EXE"
==== Startup Folders ======================
2014-08-18 00:05:46 1055 ----a-w- C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/24/2014 01:55 PM]
C:\Windows\tasks\EasyShare Registration Task.job --a------ C:\Windows\system32\rundll32ZC:\PROGRA3\Kodak\EasyShareSetup\REGIS1\Registration_8.3.20.1.sxt _RegistrationOffer@16Philip01 []
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ :C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/27/2014 11:39 AM]
C:\Windows\tasks\HP Photo Creations Communicator.job --a------ C:\ProgramData\HP Photo Creations\Communicator.exe [03/31/2013 09:32 PM]
C:\Windows\tasks\HPCeeScheduleForPhilip.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [09/13/2010 10:15 PM]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\ASC7_SkipUac_Philip" ["C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe" /SkipUac]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\Driver Booster SkipUAC (Philip)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\Windows\SysNative\tasks\Driver Booster SkipUAC (SYSTEM)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\Windows\SysNative\tasks\EasyShare Registration Task" [C:\Windows\system32\rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16]
"C:\Windows\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HP Photo Creations Communicator" [C:\ProgramData\HP Photo Creations\Communicator.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForPhilip" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe"]
"C:\Windows\SysNative\tasks\RecoveryCDWin7" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\Registration" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\ServicePlan" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\SmartDefrag3_Startup" [C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe]
"C:\Windows\SysNative\tasks\SmartDefrag3_Update" [C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\Test TimeTrigger" [C:\Users\Philip\AppData\Local\Temp\Runner.exe]
"C:\Windows\SysNative\tasks\Uninstaller_SkipUac_Administrator" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask" [C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [03/30/2013 02:55 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [03/30/2013 02:55 PM]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default
- Undetermined - C:\Program Files (x86)\IObit Apps Toolbar\FF
- Ads Removal - %ProfilePath%\extensions\[email protected]
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\[email protected]
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\ztmfvorq.default
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\Philip\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104
472DAEA6EEE84240DEA132C95C57EB68 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
iikflkcanblccfahdhdonehdalibjnif - No path found[]
Internet Speed Tracker - Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\acdnhokdlhndmflmklllleemdenbikla
Google Voice Search Hotword (Beta) - Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Google Wallet - Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Checker Plus for Gmail™ - Philip\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj
Docs - Philip\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Philip\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Philip\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Philip\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Gmail - Philip\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chromium Startpages ======================
C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Default\Preferences
"startup_urls": [ "http://www.google.com/" ]
C:\Users\Philip\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
false,"was_installed_by_default":false},"mfehgcgbbipciphmccgaenjidiccnmng":{"active_permissions":{"api":["cloudPrintPrivate"]},"creation_flags":1,"from_bookmark":false,"from_webstore":false,"install_time":"13007711863895600","location":5,"manifest":{"app":{"launch":{"web_url":"https://www.google.c...ription":"Cloud Print","display_in_launcher":false,"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqOhnwk4+HXVfGyaNsAQdU/js1Na56diW08oF1MhZiwzSnJsEaeuMN9od9q9N4ZdK3o1xXOSARrYdE+syV7Dl31nf6qz3A6K+D5NHe6sSB9yvYlIiN37jdWdrfxxE0pRYEVYZNTe3bzq3NkcYJlOdt1UPcpJB+isXpAGUKUvt7EQIDAQAB","name":"Cloud Print","permissions":["cloudPrintPrivate"],"version":"0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\25.0.1364.172\\resources\\cloud_print","was_installed_by_default":false},"pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true,"active_permissions":{"api":["notifications"]},"app_launcher_ordinal":"yn","creation_flags":137,"exclude_from_sideload_wipeout":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications"]},"install_time":"13007711866493600","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"https://mail.google....cription":"Fast, searchable email with less spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","name":"Gmail","options_page":"https://mail.google....y":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\25.0.1364.172","migrated_to_pepper_flash":true,"plugins_list":[{"enabled":true,"name":"Shockwave Flash","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\25.0.1364.172\\PepperFlash\\pepflashplayer.dll","version":"11.6.602.180"},{"enabled":true,"name":"Chrome Remote Desktop Viewer","path":"internal-remoting-viewer","version":""},{"enabled":true,"name":"Native 
Client","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\25.0.1364.172\\ppGoogleNaClPluginChrome.dll","version":""},{"enabled":true,"name":"Chrome PDF Viewer","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\25.0.1364.172\\pdf.dll","version":""},{"enabled":true,"name":"Google Update","path":"C:\\Program Files (x86)\\Google\\Update\\1.3.21.135\\npGoogleUpdate3.dll","version":"1.3.21.135"},{"enabled":true,"name":"Bing Bar","path":"C:\\Program Files (x86)\\MSN Toolbar\\Platform\\5.0.1438.0\\npwinext.dll","version":"5.0.1438.0"},{"enabled":true,"name":"Windows Live\u00AE Photo Gallery","path":"C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll","version":"14.0.8081.0709_ship.wlx.w3m3 (ship)"},{"enabled":true,"name":"Silverlight Plug-In","path":"c:\\Program Files (x86)\\Microsoft Silverlight\\4.0.50401.0\\npctrl.dll","version":"4.0.50401.0"},{"enabled":true,"name":"Adobe Flash Player"},{"enabled":true,"name":"Bing Bar"},{"enabled":true,"name":"Chrome PDF Viewer"},{"enabled":true,"name":"Chrome Remote Desktop Viewer"},{"enabled":true,"name":"Google Update"},{"enabled":true,"name":"Native Client"},{"enabled":true,"name":"Silverlight"},{"enabled":true,"name":"Windows Live\u00AE Photo Gallery"}],"removed_old_component_pepper_flash_settings":true},"profile":{"avatar_index":12,"content_settings":{"clear_on_exit_migrated":true,"pref_version":1},"created_by_version":"25.0.1364.172","exit_type":"Normal","exited_cleanly":true,"name":"Sneaky"},"promo":{"ntp_notification_promo":[{"closed":false,"end":1363751940.0,"gplus_required":false,"group":0,"increment":1,"increment_frequency":0,"increment_max":1,"max_views":15,"num_groups":1,"segment":1,"start":1362546000.0,"text":"New! 
The latest versions of Chrome's mobile apps are now available on \u003Ca href=\"https://play.google....o\"\u003EGoogle Play\u003C/a\u003E and the \u003Ca href=\"https://itunes.apple...mt=8\"\u003EApp Store\u003C/a\u003E.","views":0}]},"session":{"restore_on_startup": 4, "startup_urls": [ "http://www.only-sear...4_onst&tsp=5362" ]},"sync_promo":{"startup_count":1,"view_count":1},"homepage":"http://www.only-sear...search_provider": {"synced_guid": "{8AA8A2C1-6D4D-45CA-8E8A-C1FE0ABE2236}"},"default_search_provider_data": {"template_url_data": {"alternate_urls": [ ],"created_by_policy": false,"date_created": "0","favicon_url": "http://www.only-sear...avicon.ico","id": "1000","image_url": "","image_url_post_params": "","input_encodings": [ "UTF-8" ],"instant_url": "","instant_url_post_params": "","keyword": "only-search.com","last_modified": "0","new_tab_url": "","originating_url": "","prepopulate_id": 1,"safe_for_autoreplace": true,"search_terms_replacement_key": "","search_url_post_params": "","short_name": "Only Search","suggestions_url": "","suggestions_url_post_params": "","synced_guid": "{8AA8A2C1-6D4D-45CA-8E8A-C1FE0ABE2236}","url": "http://www.only-sear...2","usage_count": 0}}}
==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.only-sear...1FF7EB&tsp=5362"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://securityrespo...r/fix_homepage/"
"Start Page"="http://www.symantec....&pvid=21.5.0.19"
"Search Page"="http://securityrespo...r/fix_homepage/"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://securityrespo...r/fix_homepage/"
"Start Page"="http://www.symantec....&pvid=21.5.0.19"
"Search Page"="http://securityrespo...r/fix_homepage/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{E036A19D-ADDA-4EDB-A48C-6EB3B5C33BCC}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/...Box&FORM=IE8SRC"
{3CC8EA46-C645-4134-A48D-0C77F46A73B3} Unknown Url="Not_Found"
{AC4E08EF-2183-450E-B346-D4163BA55119} Unknown Url="Not_Found"
{D1564CAF-8680-4433-9C61-28CBD2EB9C6C} Yahoo Url="http://search.yahoo....&p={searchTerms}"
{E036A19D-ADDA-4EDB-A48C-6EB3B5C33BCC} Vgrabber v1 Customized Web Search Url="http://search.condui...4682429425&UM=2"
==== C:\zoek_backup content ======================
C:\zoek_backup (files=0 folders=0 0 bytes)
==== EOF on Thu 10/09/2014 at 9:15:19.54 ======================
Awaiting your response
Phil
Ok, good start!
OK, yesterday gone all day
Not a problem as we're all volunteers here and no one does this full time. We try to get at least one response per 24 hours if we can.
- I had done a couple of things while waiting for your first response. So I will be posting a little extra this time, just to ensure you see all that is going on.
Excellent, however notice a few things that came to my attention.
OTL log (10092014_071320.log) (Oct 9th)
Yes, this is the fix log and looks as expected.
ADW log from Oct 4th (I think)
No, not quite... How about March 10th
(1st ADW run Oct 4th)
# AdwCleaner v3.311 - Report created 03/10/2014 at 14:04:38
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Philip - PHILIP-HP
# Running from : C:\Users\Philip\Downloads\AdwCleaner.exe
ADW log from Oct 9th (after the OTL script run)
Close
(Second ADW Oct 9th)
# AdwCleaner v3.311 - Report created 09/10/2014 at 07:49:02
# Updated 30/09/2014 by Xplode
JRT log from Oct 4th (I think)
Oct 3
JRT log from Oct 9th (after the OTL script run)
Yup!
ZOEK-result
Oct 9th
I hope you take my teasing in the good natured way that I intended. You are doing quite well with all of this and it helps me to know that you are a well informed and serious user.
That said, all these logs are as expected and consistent with where we are in the fix process. Let's talk about this other stuff and then we'll get on with the cleaning.
I have wondered about all those programs running at the same time but didn't have crashes or blue screens so I figured live with the slow. Then that got beyond my patience so I found you guys. Now I agree, I will leave Norton on, get rid of MBAM and IOBIT. But will take your advice and run MBAM once a month for safety sake. Will be installing Defender and Avast. If Norton should also be removed then I will as the money is not the problem - it is all the time wasted waiting for a slow machine.
It's difficult and frustrating trying to work through all of these particulars. Especially with A/V's and all that. Everyone you talk to will have a different opinion on each. What I try and do is give you the benefit of what I see with visitors here on G2G and what other Helpers do and suggest. The other variable in this mix is that every handful of months a new product comes out or an existing product changes in some way so that our opinion and guidance changes. So remember, this is a "point in time" assessment and advice. So please stop back often and talk with me/us.
I'm in agreement with your decision on MBAM, IOBIT and Norton. Remember that for a/v's it's one to a machine. Not more than one. So, pick Defender or Avast, but not both. And, I'm a fan of both, so you can't go wrong either way. Defender is free. Avast has a free a/v, but paid subscription for the other components. I use Defender on my W7, W8 and Vista Machines, Avast on my XP and two of my other W7 machines. Love them both!
Ok, back to your machine. Did we fix the Proxy issue? Did you test all browsers and are they all working? Last, give me one more OTL scan like you did in your original post. Then just post the OTL.txt.
Defender part of Win7 is running, also Avast is running, and Norton Internet Security is running.
No, your kidding is not offensive at all.
The 3/10/14 ADW still is confusing as I have never run that program before and was the only ADW log file on my desktop. Oh well, not a big deal.
All appears to be working except when opening Chrome it opens with a second one as a tab. (Both are attempting to reach the same place, I just "X" out of the second one each time.)
The 'proxy' problem seems to have disappeared.
I have a few of these problems on my Laptop also: thought I would remove MBAM, IOBIT, run OTL and then open a new ticket on that one or should I stick to this discussion here? Either way it will be a few days before I can get to that PC.
Here is the latest OTL
Quite an improvement!
Defender part of Win7 is running, also Avast is running, and Norton Internet Security is running.
Tend to this as quickly as you can. While two or more a/v's are running, it's effectively the same as having none running.
The 'proxy' problem seems to have disappeared.
Yes, I see that too in the log, yet I'm still not happy with the way Chrome looks. How about resetting Chrome using the instructions on this page: https://support.goog...296214?hl=en-GB
Let me know if that fixes the extra Tab. On the surface it's no big deal, but it hints strongly at significant underlying issues.
If the Tab is gone, then move on to these final scans. If not, hold off on MBAM and ESET and let me know.
This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.
If using Internet Explorer:
If using Mozilla Firefox or Google Chrome:
To perform the scan:
Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!
I have a few of these problems on my Laptop also: thought I would remove MBAM, IOBIT, run OTL and then open a new ticket on that one or should I stick to this discussion here? Either way it will be a few days before I can get to that PC.
Since it's a different machine, go ahead and open a different ticket.
Think I will go to bed now.
WOW this took six hours to run
ESET is a great, Deep Scanning tool, but an odd one in that sometimes it finishes within minutes and other times it takes...6 Hours.
I used to have a line in my canned about the length of time, but a lot of the recent scans took only minutes, so I removed it. I guess I need to put the warning back.
In any case, unless you have questions or issues, I think I will send you on your way!
I will also remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Good news ----- Your log appears clean
A good workman always cleans up after himself, so... The following piece of code will implement some cleanup procedures as well as reset System Restore points:
Download and run Delfix
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent install this programme to lock down and prevent crypto ransom-ware. (This is really important!)
Malwarebytes.
Update and run weekly to keep your system clean. Same with ESET, but in your case let it run overnight while you sleep.
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place? Keep safe.
If you have any questions or further problems, feel free to stop back. It's been a pleasure!!
OK thanks a million - do those remaining tasks and run it for a couple of days and report back good or bad. Pretty busy elsewhere right now so not much time for PC stuff.
Again thanks
Phil
Take care!!!