
Malware/Spyware Removal


#1 jthomison

Cannot delete, uninstall, or remove the defaulting browser "Home Safe Page". Additionally, I periodically get random "pop-up" ads, despite "uninstalling" various programs. Also, not sure if it is a problem, but there appear to be a lot of files open/running when the Task Bar is open. I am guessing there is just multiple ad-oriented malware.

Julianne

OTL logfile created on: 12/21/2014 7:25:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.87 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 60.48% Memory free
7.73 Gb Paging File | 5.93 Gb Available in Paging File | 76.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 191.81 Gb Free Space | 82.40% Space Free | Partition Type: NTFS
 
Computer Name: 16KXXN1 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/21 19:24:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2014/12/03 00:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/22 13:13:20 | 000,352,152 | ---- | M] (Cinema ProV22.11) -- C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\c406c112-89b8-4d29-9704-35feec7c6fa9.exe
PRC - [2014/08/22 13:13:03 | 000,694,784 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\IePluginServices\PluginService.exe
PRC - [2014/08/22 13:12:59 | 000,724,480 | ---- | M] () -- C:\Program Files (x86)\SupTab\HpUI.exe
PRC - [2014/08/22 09:44:50 | 003,339,768 | ---- | M] () -- C:\Users\User\AppData\Local\fst_us_224\upfst_us_224.exe
PRC - [2014/07/16 11:16:28 | 000,064,000 | ---- | M] () -- C:\Program Files (x86)\SupTab\Loader32.exe
PRC - [2013/01/23 16:19:06 | 002,497,408 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2013/01/23 16:18:56 | 000,324,992 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/07/31 07:27:36 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/01/08 15:59:56 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/08/22 13:13:05 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll
MOD - [2014/08/22 13:12:59 | 000,724,480 | ---- | M] () -- C:\Program Files (x86)\SupTab\HpUI.exe
MOD - [2014/08/22 09:44:50 | 003,339,768 | ---- | M] () -- C:\Users\User\AppData\Local\fst_us_224\upfst_us_224.exe
MOD - [2014/07/31 11:16:44 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/07/31 11:16:12 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/07/16 11:16:28 | 000,064,000 | ---- | M] () -- C:\Program Files (x86)\SupTab\Loader32.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/21 20:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/30 01:24:10 | 002,443,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/07/17 10:51:24 | 003,377,904 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2013/07/17 10:50:38 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2013/07/17 10:50:08 | 000,626,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2013/07/17 10:49:16 | 000,149,744 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/07 21:06:18 | 001,044,872 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2013/03/07 21:06:18 | 000,037,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV:64bit: - [2013/01/22 12:56:52 | 002,280,952 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe -- (DFEPService)
SRV:64bit: - [2010/08/16 22:59:52 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/08/16 22:58:34 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/01/08 15:59:56 | 000,919,328 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2014/12/21 15:31:10 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/03 00:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/11/22 13:11:01 | 000,068,608 | ---- | M] (globalUpdate) [On_Demand | Stopped] -- C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdatem)
SRV - [2014/11/22 13:11:01 | 000,068,608 | ---- | M] (globalUpdate) [Auto | Stopped] -- C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdate)
SRV - [2014/08/22 13:13:03 | 000,694,784 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginServices\PluginService.exe -- (IePluginServices)
SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/01/23 16:19:06 | 002,497,408 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2013/01/23 16:18:56 | 000,324,992 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/07/31 07:27:36 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/20 07:24:20 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{f9f63dc8-69eb-4401-b96f-f478137556a8}w64.sys -- ({f9f63dc8-69eb-4401-b96f-f478137556a8}w64)
DRV:64bit: - [2014/11/26 23:28:12 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{8eb97c42-dcbb-435e-94ab-1f8bc6f32b9e}w64.sys -- ({8eb97c42-dcbb-435e-94ab-1f8bc6f32b9e}w64)
DRV:64bit: - [2014/11/22 02:26:08 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{52b3431c-b6b6-4c6e-9435-4065d2e84d6c}w64.sys -- ({52b3431c-b6b6-4c6e-9435-4065d2e84d6c}w64)
DRV:64bit: - [2014/09/22 12:54:18 | 000,048,832 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{e4a6645a-3f85-4e1f-aa41-8367978844db}Gw64.sys -- ({e4a6645a-3f85-4e1f-aa41-8367978844db}Gw64)
DRV:64bit: - [2014/08/20 20:25:04 | 000,061,072 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys -- ({c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64)
DRV:64bit: - [2014/08/12 13:35:59 | 000,321,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2014/08/12 13:35:59 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2014/08/12 13:35:59 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2014/08/12 13:35:59 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2014/08/12 13:35:59 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/06/10 20:50:24 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013/05/29 05:10:52 | 011,524,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwsw00.sys -- (NETwNs64)
DRV:64bit: - [2013/03/07 21:06:20 | 000,047,752 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2013/02/21 13:10:12 | 000,489,264 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2013/01/23 16:18:50 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/05/23 09:22:54 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/16 22:59:58 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/06/21 14:07:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/04/05 22:37:42 | 000,301,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2010/03/19 15:39:58 | 000,081,920 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/10/26 19:39:42 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/04 13:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123...G1AB0L5613L5613
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123...&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123...&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://astromenda.co...r=1483227670=
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.istart123...&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://astromenda.co...cr=344307663=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123...G1AB0L5613L5613
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123...&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123...&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123...G1AB0L5613L5613
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EF 27 5D 3B 6A B6 CF 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...&q={searchTerms}
IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...&q={searchTerms}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com...archTerms}=
IE - HKCU\..\SearchScopes\{85E97AC5-9A64-47E5-BDA2-91C7A41EB629}: "URL" = https://www.google.c...?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bldlebdchfchnclgjhehlijjdeagejfh\15432.8584.2653_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\emgmpldemagmhkdicpkdlbcecclffkjl\1.0.1_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Cinema Video Pro 1.6V22.11) - {11111111-1111-1111-1111-110611571179} - C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\Cinema Video Pro 1.6V22.11-bho64.dll (Cinema ProV22.11)
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O2 - BHO: (Cinema Video Pro 1.6V22.11) - {11111111-1111-1111-1111-110611571179} - C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\Cinema Video Pro 1.6V22.11-bho.dll (Cinema ProV22.11)
O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [DFEPApplication] C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AnyProtect Scanner] "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe" File not found
O4 - HKLM..\Run: [fst_us_224]  File not found
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\RunOnce: [upfst_us_224.exe] C:\Users\User\AppData\Local\fst_us_224\upfst_us_224.exe ()
O4 - HKCU..\RunOnce: [Adobe Speed Launcher] 1419205803 File not found
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28D0912A-6518-4331-BD00-04DC9D0BC8E0}: DhcpNameServer = 10.1.30.8 10.1.30.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFC67F0F-B562-4071-A82E-3AD3A42D263E}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/21 19:24:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2014/12/21 15:53:36 | 000,000,000 | ---D | C] -- C:\ZombieNews
[2014/12/21 15:50:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2014/12/20 17:49:46 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{f9f63dc8-69eb-4401-b96f-f478137556a8}w64.sys
[2014/11/27 08:38:52 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Local\EmieBrowserModeList
[2014/11/27 08:38:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\itesing
[2014/11/27 08:34:49 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{8eb97c42-dcbb-435e-94ab-1f8bc6f32b9e}w64.sys
[2014/11/22 13:15:31 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{52b3431c-b6b6-4c6e-9435-4065d2e84d6c}w64.sys
[2014/11/22 13:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\2355320829
[2014/11/22 13:12:39 | 001,496,472 | ---- | C] (Cinema ProV22.11) -- C:\Users\User\AppData\Roaming\YMBS.exe
[2014/11/22 13:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\64c34844-6320-482f-b3ec-3928929a1eaf
[2014/11/22 13:11:58 | 001,977,240 | ---- | C] (Cinema ProV22.11) -- C:\Users\User\AppData\Roaming\YCLW.exe
[2014/11/22 13:11:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\globalUpdate
[2014/11/22 13:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate
[2014/11/22 13:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cinema Video Pro 1.6V22.11
[2014/11/22 13:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Super Optimizer
[2 C:\Users\User\AppData\Local\*.tmp files -> C:\Users\User\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/21 19:24:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2014/12/21 19:24:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/21 19:17:09 | 000,005,526 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-6.job
[2014/12/21 19:16:01 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job
[2014/12/21 19:13:06 | 000,002,454 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-5_user.job
[2014/12/21 19:13:06 | 000,002,454 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-5.job
[2014/12/21 19:13:00 | 000,002,118 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-2.job
[2014/12/21 19:13:00 | 000,001,470 | ---- | M] () -- C:\Windows\tasks\c406c112-89b8-4d29-9704-35feec7c6fa9.job
[2014/12/21 19:12:03 | 000,005,192 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-11.job
[2014/12/21 19:12:03 | 000,004,502 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-4.job
[2014/12/21 19:12:00 | 000,005,526 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-7.job
[2014/12/21 19:12:00 | 000,003,484 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-1.job
[2014/12/21 19:12:00 | 000,000,666 | ---- | M] () -- C:\Windows\tasks\3b919633-fcc1-4c77-82e3-ea433135d2e1.job
[2014/12/21 19:11:03 | 000,004,502 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-3.job
[2014/12/21 18:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/21 17:56:48 | 000,028,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/21 17:56:48 | 000,028,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/21 17:53:57 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/21 17:53:57 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/21 17:53:57 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/21 17:49:39 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
[2014/12/21 17:49:35 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/21 17:48:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/21 17:48:38 | 3112,562,688 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/20 10:55:45 | 000,001,819 | ---- | M] () -- C:\Windows\patsearch.bin
[2014/12/20 07:24:20 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{f9f63dc8-69eb-4401-b96f-f478137556a8}w64.sys
[2014/11/27 08:38:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_webinstrH_01009.Wdf
[2014/11/27 07:02:50 | 000,437,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/26 23:28:12 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{8eb97c42-dcbb-435e-94ab-1f8bc6f32b9e}w64.sys
[2014/11/22 13:12:39 | 001,496,472 | ---- | M] (Cinema ProV22.11) -- C:\Users\User\AppData\Roaming\YMBS.exe
[2014/11/22 13:12:12 | 000,002,341 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/11/22 13:12:12 | 000,002,241 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/22 13:11:58 | 001,977,240 | ---- | M] (Cinema ProV22.11) -- C:\Users\User\AppData\Roaming\YCLW.exe
[2014/11/22 02:26:08 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{52b3431c-b6b6-4c6e-9435-4065d2e84d6c}w64.sys
[2 C:\Users\User\AppData\Local\*.tmp files -> C:\Users\User\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/27 08:38:51 | 000,001,819 | ---- | C] () -- C:\Windows\patsearch.bin
[2014/11/27 08:38:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_webinstrH_01009.Wdf
[2014/11/22 13:13:30 | 000,002,454 | ---- | C] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-5_user.job
[2014/11/22 13:13:26 | 000,002,454 | ---- | C] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-5.job
[2014/11/22 13:13:20 | 000,001,470 | ---- | C] () -- C:\Windows\tasks\c406c112-89b8-4d29-9704-35feec7c6fa9.job
[2014/11/22 13:13:01 | 000,002,118 | ---- | C] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-2.job
[2014/11/22 13:12:42 | 000,003,484 | ---- | C] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-1.job
[2014/11/22 13:12:34 | 000,004,502 | ---- | C] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-4.job
[2014/11/22 13:12:17 | 000,005,526 | ---- | C] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-6.job
[2014/11/22 13:12:12 | 000,005,526 | ---- | C] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-7.job
[2014/11/22 13:12:06 | 000,000,666 | ---- | C] () -- C:\Windows\tasks\3b919633-fcc1-4c77-82e3-ea433135d2e1.job
[2014/11/22 13:12:00 | 000,005,192 | ---- | C] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-11.job
[2014/11/22 13:11:26 | 000,000,966 | ---- | C] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job
[2014/11/22 13:11:18 | 000,000,962 | ---- | C] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
[2014/11/22 13:11:03 | 000,004,502 | ---- | C] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-3.job
[2014/08/23 10:22:59 | 000,000,083 | ---- | C] () -- C:\Users\User\AppData\Roaming\WB.CFG
[2014/08/22 14:25:00 | 000,000,312 | ---- | C] () -- C:\Users\User\AppData\Roaming\aps.uninstall.scan.results
[2014/08/22 13:12:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/08/12 13:31:32 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 20:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 19:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/08/22 14:24:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ap_logs
[2014/11/27 08:38:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\itesing
[2014/08/24 14:42:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Systweak
[2014/08/22 12:49:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\UpdaterEX
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >


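The log above is the raw material a helper reads by eye; the following is an added example (not part of the post and not OTL's own code) that parses a few lines copied from it and flags the objective features a malware helper looks for: GUID-named files, PE files with no company name, a well-known filename carrying the wrong publisher, and O4 autorun entries whose target is missing. The sample lines are copied verbatim from the log; the EXPECTED_PUBLISHER allowlist is an assumption, not something the page states.

```python
"""Triage a handful of OTL log lines for the patterns a malware helper looks for.

Added example: not code from the post above and not part of OTL.  It parses the
bracketed file entries OTL writes for processes (PRC), services (SRV), drivers
(DRV) and file listings, plus O4 autorun entries, and reports why a line stands
out.  EXPECTED_PUBLISHER is an assumed allowlist; extend it for your environment.
"""
import re
from dataclasses import dataclass, field

GUID_RE = re.compile(
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)
PE_EXT = (".exe", ".dll", ".sys")
# Assumed allowlist: the publisher a file of this name is expected to carry.
EXPECTED_PUBLISHER = {"googleupdate.exe": "Google Inc."}

# "[date | size | attrs | M/C] (company) [state] -- path -- (name)"
FILE_RE = re.compile(
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<mode>[MC])\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$")
# 'O4 - HKLM..\Run: [value] "command" File not found'
O4_MISSING_RE = re.compile(
    r"^O4 - (?P<key>.+?): \[(?P<value>[^\]]*)\]\s*(?P<cmd>.*?)\s*File not found$")

# Sample input: lines copied verbatim from the OTL log posted above.
SAMPLE_LINES = [
    r"DRV:64bit: - [2014/12/20 07:24:20 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{f9f63dc8-69eb-4401-b96f-f478137556a8}w64.sys -- ({f9f63dc8-69eb-4401-b96f-f478137556a8}w64)",
    r"DRV:64bit: - [2014/08/12 13:35:59 | 000,321,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)",
    r"[2014/12/21 19:17:09 | 000,005,526 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-6.job",
    r"[2014/12/21 19:24:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job",
    r"PRC - [2014/08/22 13:12:59 | 000,724,480 | ---- | M] () -- C:\Program Files (x86)\SupTab\HpUI.exe",
    r"SRV - [2014/11/22 13:11:01 | 000,068,608 | ---- | M] (globalUpdate) [Auto | Stopped] -- C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdate)",
    r'O4 - HKLM..\Run: [AnyProtect Scanner] "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe" File not found',
]


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)


def _file_reasons(m):
    """Reasons a parsed file entry stands out (empty list == nothing notable)."""
    path = m["path"]
    fname = path.rsplit("\\", 1)[-1].lower()
    company = m["company"].strip()
    state = m["state"] or ""
    reasons = []
    if GUID_RE.search(fname):
        reasons.append("GUID-named file")
    if fname.endswith(PE_EXT) and not company:
        reasons.append("no company name")
    want = EXPECTED_PUBLISHER.get(fname)
    if want and company != want:
        reasons.append(f"publisher mismatch (expected {want!r}, got {company!r})")
    # A file that is already suspicious and is also a loaded kernel driver
    # goes to the top of the list.
    if reasons and fname.endswith(".sys") and "Running" in state:
        reasons.append("running kernel driver")
    return path, reasons


def triage(lines):
    """Return one Finding per suspicious line, in input order."""
    findings = []
    for line in lines:
        m = FILE_RE.search(line)
        if m:
            path, reasons = _file_reasons(m)
            if reasons:
                findings.append(Finding(path, reasons))
            continue
        m = O4_MISSING_RE.match(line)
        if m:
            findings.append(Finding(m["cmd"] or m["value"],
                                    ["autorun entry points to a missing file"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

Run on the sample, the Broadcom driver and the Google Update task pass through untouched; the GUID-named StdLib driver, the GUID-named .job, the HpUI.exe with no company name, the GoogleUpdate.exe published by "globalUpdate", and the AnyProtect autorun pointing at a missing file are the five lines reported. The flags are features of the line, not verdicts; the helper's reply below still has to decide what to remove.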

#2 zep516 (Trusted Helper, Malware Removal, 8,087 posts)
You have a lot of adware; this will take some time...

I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Can you post the Extras.txt log file? It gets minimized to the taskbar. If you cannot find it, re-run OTL; in the Extra Registry group place a check mark in "All", and that will recreate the Extras.txt log.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
  • Next

    Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts. See here how to disable your security protection (antivirus).
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply post;
    • The AdwCleaner [SO].txt Log
    • The JRT.txt Log
    • Extras.txt
    Thanks
    Joe :)


#3 jthomison (Topic Starter, Member, 18 posts)
After attempting to download AdwCleaner to the Desktop, I cannot open it. It keeps asking for a program to "open" it with.

#4 zep516 (Trusted Helper, Malware Removal, 8,087 posts)
What about the Junkware Removal Tool scan? Let's see if that will open and run.

#5 jthomison (Topic Starter, Member, 18 posts)
Actually, the same problem. It asks for a program to "open" it with. Makes no sense.

#6 zep516 (Trusted Helper, Malware Removal, 8,087 posts)
It looks like a file association problem, possibly caused by malware.

Let's try something.

Note: If your security software warns about Rkill, ignore & allow the download to continue.
Download RKill by Grinler from Here & save it to your Desktop.
Alternate download links:
Two
Three
Four
  • Double click Rkill to run it
  • A command window will open then disappear upon completion, this is normal
  • If this does not happen... delete the file, then download & use the next link provided
  • If it does not work, repeat the process & attempt to use one of the remaining links until the tool runs
  • Do not reboot your machine until asked to do so. If no version of Rkill would run, please let me know

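The "file association problem" named in the reply above is concrete enough to check by hand, and the first log already shows the values involved: its O35 and O37 lines report that .exe maps to the ProgID exefile, .com to comfile, and that each ProgID's shell\open\command default is exactly `"%1" %*`. The following is an added example (not from the post and not part of OTL) that turns that check into code: check_association() is pure logic you can feed values from a log, check_from_otl() reads them out of an O37/O35 pair, and read_live_association() reads the registry on a Windows machine. The hijack command in the test is a constructed illustration, not something the page shows.

```python
"""Verify the .exe / .com launch chain that OTL reports in its O35 and O37 lines.

Added example: not from the post above and not part of OTL.  On a clean system
.exe maps to the ProgID exefile, .com to comfile, and each ProgID's
shell\\open\\command default is exactly "%1" %*.  Anything else means every
program launch is detoured through whatever command sits in that value.
"""
import re
import sys

EXPECTED_COMMAND = '"%1" %*'
DEFAULT_PROGIDS = {".exe": "exefile", ".com": "comfile"}

# OTL line shapes, e.g.  O37 - HKLM\...exe [@ = exefile] -- "%1" %*
#                        O35 - HKLM\..exefile [open] -- "%1" %*
O37_RE = re.compile(
    r"^O37(?::64bit:)? - HKLM\\\.\.(?P<ext>\.\w+) \[@ = (?P<progid>\w+)\] -- (?P<cmd>.*)$")
O35_RE = re.compile(
    r"^O35(?::64bit:)? - HKLM\\\.\.(?P<progid>\w+) \[open\] -- (?P<cmd>.*)$")


def check_association(ext, progid, open_command):
    """Return a list of problems for one extension; an empty list means clean."""
    problems = []
    expected_progid = DEFAULT_PROGIDS[ext]
    if progid != expected_progid:
        problems.append(f"{ext} maps to ProgID {progid!r}, expected {expected_progid!r}")
    if open_command is None:
        problems.append(f"{expected_progid}\\shell\\open\\command has no default value")
    elif open_command.strip() != EXPECTED_COMMAND:
        # e.g. '"C:\...\something.exe" "%1" %*' runs something.exe before the real target
        problems.append(
            f"open command is {open_command.strip()!r}, expected {EXPECTED_COMMAND!r}")
    return problems


def check_from_otl(o37_line, o35_line):
    """Check a matching O37/O35 pair copied from an OTL log."""
    m37 = O37_RE.match(o37_line.strip())
    m35 = O35_RE.match(o35_line.strip())
    if not (m37 and m35):
        return ["lines do not parse as O37/O35 entries"]
    if m37["progid"] != m35["progid"]:
        return [f"O37 ProgID {m37['progid']!r} differs from O35 ProgID {m35['progid']!r}"]
    return check_association(m37["ext"], m37["progid"], m35["cmd"])


def read_live_association(ext):
    """Windows only: return (progid, open_command) for an extension.

    HKCU\\Software\\Classes shadows HKLM\\Software\\Classes in HKEY_CLASSES_ROOT,
    so the per-user hive is consulted first: a user-level hijack shows up here
    even when the HKLM values OTL lists under O35/O37 are intact.
    """
    if not sys.platform.startswith("win"):
        raise OSError("registry access requires Windows")
    import winreg

    def default_value(root, subkey):
        try:
            with winreg.OpenKey(root, subkey) as key:
                return winreg.QueryValueEx(key, "")[0]
        except OSError:
            return None

    for root in (winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE):
        progid = default_value(root, "Software\\Classes\\" + ext)
        if progid is not None:
            cmd = default_value(root, "Software\\Classes\\" + progid + "\\shell\\open\\command")
            return progid, cmd
    return None, None


if __name__ == "__main__":
    for ext in DEFAULT_PROGIDS:
        progid, cmd = read_live_association(ext)
        print(ext, progid, cmd, check_association(ext, progid, cmd) or "ok")
```

Fed the O35/O37 pair from the log above, check_from_otl() reports nothing, because the HKLM values were intact when OTL ran. That is the case in which the HKCU lookup in read_live_association() matters: OTL's O35/O37 lines describe the machine hive only.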

#7 jthomison (Topic Starter, Member, 18 posts)
None of the downloads are being completed.

#8 zep516 (Trusted Helper, Malware Removal, 8,087 posts)
Hello,

Funny you had no problem with OTL. Let's try the fix I already have for you and see if it works.

Fix using OTL
  • Double click the OTL icon to open the program. On Vista/Win7/Win8 right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123...G1AB0L5613L5613
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123...&q={searchTerms}
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123...&q={searchTerms}
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://astromenda.co...r=1483227670=
    IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.istart123...&q={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://astromenda.co...cr=344307663=
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123...G1AB0L5613L5613
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123...&q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123...&q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
    IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123...G1AB0L5613L5613
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...&q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...&q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EF 27 5D 3B 6A B6 CF 01  [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...&q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...&q={searchTerms}
    IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...&q={searchTerms}
    IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com...archTerms}=
    CHR - default_search_provider:  ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - homepage:
    O2:64bit: - BHO: (Cinema Video Pro 1.6V22.11) - {11111111-1111-1111-1111-110611571179} - C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\Cinema Video Pro 1.6V22.11-bho64.dll (Cinema ProV22.11)
    O2 - BHO: (Cinema Video Pro 1.6V22.11) - {11111111-1111-1111-1111-110611571179} - C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\Cinema Video Pro 1.6V22.11-bho.dll (Cinema ProV22.11)
    O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
    O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O4 - HKLM..\Run: [AnyProtect Scanner] "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe" File not found
    O4 - HKLM..\Run: [fst_us_224]  File not found
    O4 - HKLM..\RunOnce: [upfst_us_224.exe] C:\Users\User\AppData\Local\fst_us_224\upfst_us_224.exe ()
    O4 - HKCU..\RunOnce: [Adobe Speed Launcher] 1419205803 File not found
    O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk =  File not found
    [2014/11/22 13:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\2355320829
    [2014/11/22 13:12:39 | 001,496,472 | ---- | C] (Cinema ProV22.11) -- C:\Users\User\AppData\Roaming\YMBS.exe
    [2014/11/22 13:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\64c34844-6320-482f-b3ec-3928929a1eaf
    [2014/11/22 13:11:58 | 001,977,240 | ---- | C] (Cinema ProV22.11) -- C:\Users\User\AppData\Roaming\YCLW.exe
    [2014/11/22 13:11:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\globalUpdate
    [2014/11/22 13:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate
    [2014/11/22 13:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cinema Video Pro 1.6V22.11
    [2014/11/22 13:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Super Optimizer
    [2 C:\Users\User\AppData\Local\*.tmp files -> C:\Users\User\AppData\Local\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2014/12/21 19:17:09 | 000,005,526 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-6.job
    [2014/12/21 19:16:01 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job
    [2014/12/21 19:13:06 | 000,002,454 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-5_user.job
    [2014/12/21 19:13:06 | 000,002,454 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-5.job
    [2014/12/21 19:13:00 | 000,002,118 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-2.job
    [2014/12/21 19:13:00 | 000,001,470 | ---- | M] () -- C:\Windows\tasks\c406c112-89b8-4d29-9704-35feec7c6fa9.job
    [2014/12/21 19:12:03 | 000,005,192 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-11.job
    [2014/12/21 19:12:03 | 000,004,502 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-4.job
    [2014/12/21 19:12:00 | 000,005,526 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-7.job
    [2014/12/21 19:12:00 | 000,003,484 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-1.job
    [2014/12/21 19:12:00 | 000,000,666 | ---- | M] () -- C:\Windows\tasks\3b919633-fcc1-4c77-82e3-ea433135d2e1.job
    [2014/12/21 19:11:03 | 000,004,502 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-3.job
    [2014/12/20 10:55:45 | 000,001,819 | ---- | M] () -- C:\Windows\patsearch.bin
    [2014/11/22 13:11:58 | 001,977,240 | ---- | M] (Cinema ProV22.11) -- C:\Users\User\AppData\Roaming\YCLW.exe
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:373E1720
    
    :Files
    ipconfig /flushdns /c
    C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\c406c112-89b8-4d29-9704-35feec7c6fa9.exe
    C:\Program Files (x86)\SupTab\HpUI.exe
    C:\Users\User\AppData\Local\fst_us_224\upfst_us_224.exe
    C:\Program Files (x86)\SupTab\Loader32.exe
    C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll
    C:\Users\User\AppData\Roaming\Systweak
    C:\Users\User\AppData\Roaming\UpdaterEX
    
    :Commands
    [emptytemp]
    [resethosts]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
In your next reply post:

The OTL Fix log.

#9 jthomison (Topic Starter, Member, 18 posts)

I can at least forward the OTL Extras.txt file you requested, which has been pasted in below.

 

OTL logfile created on: 12/21/2014 7:25:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.87 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 60.48% Memory free
7.73 Gb Paging File | 5.93 Gb Available in Paging File | 76.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 191.81 Gb Free Space | 82.40% Space Free | Partition Type: NTFS
 
Computer Name: 16KXXN1 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/21 19:24:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2014/12/03 00:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/22 13:13:20 | 000,352,152 | ---- | M] (Cinema ProV22.11) -- C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\c406c112-89b8-4d29-9704-35feec7c6fa9.exe
PRC - [2014/08/22 13:13:03 | 000,694,784 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\IePluginServices\PluginService.exe
PRC - [2014/08/22 13:12:59 | 000,724,480 | ---- | M] () -- C:\Program Files (x86)\SupTab\HpUI.exe
PRC - [2014/08/22 09:44:50 | 003,339,768 | ---- | M] () -- C:\Users\User\AppData\Local\fst_us_224\upfst_us_224.exe
PRC - [2014/07/16 11:16:28 | 000,064,000 | ---- | M] () -- C:\Program Files (x86)\SupTab\Loader32.exe
PRC - [2013/01/23 16:19:06 | 002,497,408 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2013/01/23 16:18:56 | 000,324,992 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/07/31 07:27:36 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/01/08 15:59:56 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/08/22 13:13:05 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll
MOD - [2014/08/22 13:12:59 | 000,724,480 | ---- | M] () -- C:\Program Files (x86)\SupTab\HpUI.exe
MOD - [2014/08/22 09:44:50 | 003,339,768 | ---- | M] () -- C:\Users\User\AppData\Local\fst_us_224\upfst_us_224.exe
MOD - [2014/07/31 11:16:44 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/07/31 11:16:12 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/07/16 11:16:28 | 000,064,000 | ---- | M] () -- C:\Program Files (x86)\SupTab\Loader32.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/21 20:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/30 01:24:10 | 002,443,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/07/17 10:51:24 | 003,377,904 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2013/07/17 10:50:38 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2013/07/17 10:50:08 | 000,626,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2013/07/17 10:49:16 | 000,149,744 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/07 21:06:18 | 001,044,872 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2013/03/07 21:06:18 | 000,037,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV:64bit: - [2013/01/22 12:56:52 | 002,280,952 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe -- (DFEPService)
SRV:64bit: - [2010/08/16 22:59:52 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/08/16 22:58:34 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/01/08 15:59:56 | 000,919,328 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2014/12/21 15:31:10 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/03 00:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/11/22 13:11:01 | 000,068,608 | ---- | M] (globalUpdate) [On_Demand | Stopped] -- C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdatem)
SRV - [2014/11/22 13:11:01 | 000,068,608 | ---- | M] (globalUpdate) [Auto | Stopped] -- C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdate)
SRV - [2014/08/22 13:13:03 | 000,694,784 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginServices\PluginService.exe -- (IePluginServices)
SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/01/23 16:19:06 | 002,497,408 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2013/01/23 16:18:56 | 000,324,992 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/07/31 07:27:36 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/20 07:24:20 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{f9f63dc8-69eb-4401-b96f-f478137556a8}w64.sys -- ({f9f63dc8-69eb-4401-b96f-f478137556a8}w64)
DRV:64bit: - [2014/11/26 23:28:12 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{8eb97c42-dcbb-435e-94ab-1f8bc6f32b9e}w64.sys -- ({8eb97c42-dcbb-435e-94ab-1f8bc6f32b9e}w64)
DRV:64bit: - [2014/11/22 02:26:08 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{52b3431c-b6b6-4c6e-9435-4065d2e84d6c}w64.sys -- ({52b3431c-b6b6-4c6e-9435-4065d2e84d6c}w64)
DRV:64bit: - [2014/09/22 12:54:18 | 000,048,832 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{e4a6645a-3f85-4e1f-aa41-8367978844db}Gw64.sys -- ({e4a6645a-3f85-4e1f-aa41-8367978844db}Gw64)
DRV:64bit: - [2014/08/20 20:25:04 | 000,061,072 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys -- ({c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64)
DRV:64bit: - [2014/08/12 13:35:59 | 000,321,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2014/08/12 13:35:59 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2014/08/12 13:35:59 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2014/08/12 13:35:59 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2014/08/12 13:35:59 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/06/10 20:50:24 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013/05/29 05:10:52 | 011,524,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwsw00.sys -- (NETwNs64)
DRV:64bit: - [2013/03/07 21:06:20 | 000,047,752 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2013/02/21 13:10:12 | 000,489,264 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2013/01/23 16:18:50 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/05/23 09:22:54 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\accelern.sys -- (Acceler)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/16 22:59:58 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/06/21 14:07:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/04/05 22:37:42 | 000,301,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2010/03/19 15:39:58 | 000,081,920 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/10/26 19:39:42 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/04 13:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123...G1AB0L5613L5613
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123...&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123...&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://astromenda.co...r=1483227670=
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.istart123...&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://astromenda.co...cr=344307663=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123...G1AB0L5613L5613
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123...&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123...&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123...G1AB0L5613L5613
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EF 27 5D 3B 6A B6 CF 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...&q={searchTerms}
IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...&q={searchTerms}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com...archTerms}=
IE - HKCU\..\SearchScopes\{85E97AC5-9A64-47E5-BDA2-91C7A41EB629}: "URL" = https://www.google.c...?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bldlebdchfchnclgjhehlijjdeagejfh\15432.8584.2653_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp\1.26.25_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\emgmpldemagmhkdicpkdlbcecclffkjl\1.0.1_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.7_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Cinema Video Pro 1.6V22.11) - {11111111-1111-1111-1111-110611571179} - C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\Cinema Video Pro 1.6V22.11-bho64.dll (Cinema ProV22.11)
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O2 - BHO: (Cinema Video Pro 1.6V22.11) - {11111111-1111-1111-1111-110611571179} - C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\Cinema Video Pro 1.6V22.11-bho.dll (Cinema ProV22.11)
O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [DFEPApplication] C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AnyProtect Scanner] "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe" File not found
O4 - HKLM..\Run: [fst_us_224]  File not found
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\RunOnce: [upfst_us_224.exe] C:\Users\User\AppData\Local\fst_us_224\upfst_us_224.exe ()
O4 - HKCU..\RunOnce: [Adobe Speed Launcher] 1419205803 File not found
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28D0912A-6518-4331-BD00-04DC9D0BC8E0}: DhcpNameServer = 10.1.30.8 10.1.30.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFC67F0F-B562-4071-A82E-3AD3A42D263E}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/21 19:24:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2014/12/21 15:53:36 | 000,000,000 | ---D | C] -- C:\ZombieNews
[2014/12/21 15:50:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2014/12/20 17:49:46 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{f9f63dc8-69eb-4401-b96f-f478137556a8}w64.sys
[2014/11/27 08:38:52 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Local\EmieBrowserModeList
[2014/11/27 08:38:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\itesing
[2014/11/27 08:34:49 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{8eb97c42-dcbb-435e-94ab-1f8bc6f32b9e}w64.sys
[2014/11/22 13:15:31 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{52b3431c-b6b6-4c6e-9435-4065d2e84d6c}w64.sys
[2014/11/22 13:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\2355320829
[2014/11/22 13:12:39 | 001,496,472 | ---- | C] (Cinema ProV22.11) -- C:\Users\User\AppData\Roaming\YMBS.exe
[2014/11/22 13:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\64c34844-6320-482f-b3ec-3928929a1eaf
[2014/11/22 13:11:58 | 001,977,240 | ---- | C] (Cinema ProV22.11) -- C:\Users\User\AppData\Roaming\YCLW.exe
[2014/11/22 13:11:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\globalUpdate
[2014/11/22 13:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate
[2014/11/22 13:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cinema Video Pro 1.6V22.11
[2014/11/22 13:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Super Optimizer
[2 C:\Users\User\AppData\Local\*.tmp files -> C:\Users\User\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/21 19:24:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2014/12/21 19:24:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/21 19:17:09 | 000,005,526 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-6.job
[2014/12/21 19:16:01 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job
[2014/12/21 19:13:06 | 000,002,454 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-5_user.job
[2014/12/21 19:13:06 | 000,002,454 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-5.job
[2014/12/21 19:13:00 | 000,002,118 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-2.job
[2014/12/21 19:13:00 | 000,001,470 | ---- | M] () -- C:\Windows\tasks\c406c112-89b8-4d29-9704-35feec7c6fa9.job
[2014/12/21 19:12:03 | 000,005,192 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-11.job
[2014/12/21 19:12:03 | 000,004,502 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-4.job
[2014/12/21 19:12:00 | 000,005,526 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-7.job
[2014/12/21 19:12:00 | 000,003,484 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-1.job
[2014/12/21 19:12:00 | 000,000,666 | ---- | M] () -- C:\Windows\tasks\3b919633-fcc1-4c77-82e3-ea433135d2e1.job
[2014/12/21 19:11:03 | 000,004,502 | ---- | M] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-3.job
[2014/12/21 18:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/21 17:56:48 | 000,028,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/21 17:56:48 | 000,028,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/21 17:53:57 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/21 17:53:57 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/21 17:53:57 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/21 17:49:39 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
[2014/12/21 17:49:35 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/21 17:48:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/21 17:48:38 | 3112,562,688 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/20 10:55:45 | 000,001,819 | ---- | M] () -- C:\Windows\patsearch.bin
[2014/12/20 07:24:20 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{f9f63dc8-69eb-4401-b96f-f478137556a8}w64.sys
[2014/11/27 08:38:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_webinstrH_01009.Wdf
[2014/11/27 07:02:50 | 000,437,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/26 23:28:12 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{8eb97c42-dcbb-435e-94ab-1f8bc6f32b9e}w64.sys
[2014/11/22 13:12:39 | 001,496,472 | ---- | M] (Cinema ProV22.11) -- C:\Users\User\AppData\Roaming\YMBS.exe
[2014/11/22 13:12:12 | 000,002,341 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/11/22 13:12:12 | 000,002,241 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/22 13:11:58 | 001,977,240 | ---- | M] (Cinema ProV22.11) -- C:\Users\User\AppData\Roaming\YCLW.exe
[2014/11/22 02:26:08 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{52b3431c-b6b6-4c6e-9435-4065d2e84d6c}w64.sys
[2 C:\Users\User\AppData\Local\*.tmp files -> C:\Users\User\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/27 08:38:51 | 000,001,819 | ---- | C] () -- C:\Windows\patsearch.bin
[2014/11/27 08:38:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_webinstrH_01009.Wdf
[2014/11/22 13:13:30 | 000,002,454 | ---- | C] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-5_user.job
[2014/11/22 13:13:26 | 000,002,454 | ---- | C] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-5.job
[2014/11/22 13:13:20 | 000,001,470 | ---- | C] () -- C:\Windows\tasks\c406c112-89b8-4d29-9704-35feec7c6fa9.job
[2014/11/22 13:13:01 | 000,002,118 | ---- | C] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-2.job
[2014/11/22 13:12:42 | 000,003,484 | ---- | C] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-1.job
[2014/11/22 13:12:34 | 000,004,502 | ---- | C] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-4.job
[2014/11/22 13:12:17 | 000,005,526 | ---- | C] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-6.job
[2014/11/22 13:12:12 | 000,005,526 | ---- | C] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-7.job
[2014/11/22 13:12:06 | 000,000,666 | ---- | C] () -- C:\Windows\tasks\3b919633-fcc1-4c77-82e3-ea433135d2e1.job
[2014/11/22 13:12:00 | 000,005,192 | ---- | C] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-11.job
[2014/11/22 13:11:26 | 000,000,966 | ---- | C] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job
[2014/11/22 13:11:18 | 000,000,962 | ---- | C] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
[2014/11/22 13:11:03 | 000,004,502 | ---- | C] () -- C:\Windows\tasks\1379f1f4-8949-403d-b1df-932d707ac836-3.job
[2014/08/23 10:22:59 | 000,000,083 | ---- | C] () -- C:\Users\User\AppData\Roaming\WB.CFG
[2014/08/22 14:25:00 | 000,000,312 | ---- | C] () -- C:\Users\User\AppData\Roaming\aps.uninstall.scan.results
[2014/08/22 13:12:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/08/12 13:31:32 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 20:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 19:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/08/22 14:24:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ap_logs
[2014/11/27 08:38:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\itesing
[2014/08/24 14:42:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Systweak
[2014/08/22 12:49:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\UpdaterEX
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >



#10 zep516 (Trusted Helper, Malware Removal, 8,087 posts)

Try the OTL Fix in post 8.

Copy, paste, run fix.



#11 jthomison (Topic Starter, Member, 18 posts)

Done. Below is the OTL txt file.

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611571179}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611571179}\ deleted successfully.
C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\Cinema Video Pro 1.6V22.11-bho64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611571179}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611571179}\ deleted successfully.
C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\Cinema Video Pro 1.6V22.11-bho.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\ deleted successfully.
C:\Program Files (x86)\SupTab\SupTab.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AnyProtect Scanner deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fst_us_224 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\upfst_us_224.exe deleted successfully.
C:\Users\User\AppData\Local\fst_us_224\upfst_us_224.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe Speed Launcher deleted successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk moved successfully.
C:\ProgramData\2355320829 folder moved successfully.
C:\Users\User\AppData\Roaming\YMBS.exe moved successfully.
C:\Program Files (x86)\64c34844-6320-482f-b3ec-3928929a1eaf folder moved successfully.
C:\Users\User\AppData\Roaming\YCLW.exe moved successfully.
C:\Users\User\AppData\Local\globalUpdate\CrashReports folder moved successfully.
C:\Users\User\AppData\Local\globalUpdate folder moved successfully.
C:\Program Files (x86)\globalUpdate\Update\Offline\{91278E19-BCA6-450E-BB76-415FAF9F26C6} folder moved successfully.
C:\Program Files (x86)\globalUpdate\Update\Offline folder moved successfully.
C:\Program Files (x86)\globalUpdate\Update\Install folder moved successfully.
C:\Program Files (x86)\globalUpdate\Update\Download folder moved successfully.
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0 folder moved successfully.
C:\Program Files (x86)\globalUpdate\Update folder moved successfully.
C:\Program Files (x86)\globalUpdate\CrashReports folder moved successfully.
C:\Program Files (x86)\globalUpdate folder moved successfully.
Folder move failed. C:\Program Files (x86)\Cinema Video Pro 1.6V22.11 scheduled to be moved on reboot.
Folder C:\Program Files (x86)\Super Optimizer\ not found.
C:\Users\User\AppData\Local\nsj142F.tmp deleted successfully.
C:\Users\User\AppData\Local\nsz3736.tmp deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Windows\Tasks\1379f1f4-8949-403d-b1df-932d707ac836-6.job moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\1379f1f4-8949-403d-b1df-932d707ac836-5_user.job moved successfully.
C:\Windows\Tasks\1379f1f4-8949-403d-b1df-932d707ac836-5.job moved successfully.
C:\Windows\Tasks\1379f1f4-8949-403d-b1df-932d707ac836-2.job moved successfully.
C:\Windows\Tasks\c406c112-89b8-4d29-9704-35feec7c6fa9.job moved successfully.
C:\Windows\Tasks\1379f1f4-8949-403d-b1df-932d707ac836-11.job moved successfully.
C:\Windows\Tasks\1379f1f4-8949-403d-b1df-932d707ac836-4.job moved successfully.
C:\Windows\Tasks\1379f1f4-8949-403d-b1df-932d707ac836-7.job moved successfully.
C:\Windows\Tasks\1379f1f4-8949-403d-b1df-932d707ac836-1.job moved successfully.
C:\Windows\Tasks\3b919633-fcc1-4c77-82e3-ea433135d2e1.job moved successfully.
C:\Windows\Tasks\1379f1f4-8949-403d-b1df-932d707ac836-3.job moved successfully.
C:\Windows\patsearch.bin moved successfully.
File C:\Users\User\AppData\Roaming\YCLW.exe not found.
ADS C:\ProgramData\TEMP:373E1720 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\User\Desktop\cmd.bat deleted successfully.
C:\Users\User\Desktop\cmd.txt deleted successfully.
C:\Program Files (x86)\Cinema Video Pro 1.6V22.11\c406c112-89b8-4d29-9704-35feec7c6fa9.exe moved successfully.
C:\Program Files (x86)\SupTab\HpUI.exe moved successfully.
File\Folder C:\Users\User\AppData\Local\fst_us_224\upfst_us_224.exe not found.
C:\Program Files (x86)\SupTab\Loader32.exe moved successfully.
C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll moved successfully.
C:\Users\User\AppData\Roaming\Systweak\ssd folder moved successfully.
C:\Users\User\AppData\Roaming\Systweak folder moved successfully.
C:\Users\User\AppData\Roaming\UpdaterEX\UpdateProc folder moved successfully.
C:\Users\User\AppData\Roaming\UpdaterEX folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guest
 
User: Public
 
User: User
->Temp folder emptied: 468365873 bytes
->Temporary Internet Files folder emptied: 13368672 bytes
->Google Chrome cache emptied: 6297400 bytes
->Flash cache emptied: 11696 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1229251585 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 55236847 bytes
RecycleBin emptied: 12112048 bytes
 
Total Files Cleaned = 1,702.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 12212014_235626

Files\Folders moved on Reboot...
Folder move failed. C:\Program Files (x86)\Cinema Video Pro 1.6V22.11 scheduled to be moved on reboot.
File\Folder C:\Users\User\AppData\Local\Temp\fla2F74.tmp not found!
File move failed. C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\16KXXN1-20141221-1749.log moved successfully.
File\Folder C:\Windows\temp\officeclicktorun.exe_c2ruidll(20141221174938988).log not found!
File\Folder C:\Windows\temp\officeclicktorun.exe_streamserver(20141221174938988).log not found!
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


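As an added example (not code from the thread, and not part of OTL or AdwCleaner), here is a read-only PowerShell audit of the persistence locations the two logs above show this adware using: GUID-named kernel drivers carrying a "StdLib" company string, GUID-named .job files in C:\Windows\Tasks, Browser Helper Objects resolved to the DLL behind each CLSID, Run/RunOnce entries, the Internet Explorer start and search page values the OTL fix reset, and the alternate data stream on C:\ProgramData\TEMP. It assumes 64-bit Windows PowerShell 3.0 or later on Windows 7 and an elevated prompt; it only reports, and the function names are my own.

```powershell
# Added example: read-only audit of the persistence points seen in the OTL scan
# and fix logs above. Assumes 64-bit Windows PowerShell 3.0+ (for [pscustomobject])
# on Windows 7 and an elevated prompt. Reports only; deletes nothing.

# GUID at the start of a name, with or without braces: matches both the
# {52b3431c-...}w64.sys drivers and the 1379f1f4-...-5.job tasks from the log.
$guidName = '^\{?[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}\}?'

function Get-GuidNamedDrivers {
    # GUID-named *.sys files in the drivers folder, with their version-info company
    # string and Authenticode status (the log's drivers claim company "StdLib")
    Get-ChildItem "$env:windir\System32\drivers" -Filter '*.sys' |
        Where-Object { $_.Name -match $guidName } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature $_.FullName
            $signer = ''
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            [pscustomobject]@{
                File      = $_.Name
                Company   = $_.VersionInfo.CompanyName
                Signature = $sig.Status
                Signer    = $signer
            }
        }
}

function Get-LegacyJobTasks {
    # Legacy .job files in %windir%\Tasks; GuidNamed flags the pattern from the log
    Get-ChildItem "$env:windir\Tasks" -Filter '*.job' |
        Select-Object Name, Length, CreationTime,
            @{ Name = 'GuidNamed'; Expression = { $_.Name -match $guidName } }
}

function Get-BrowserHelperObjects {
    # Resolve each registered BHO CLSID to its InProcServer32 DLL, in both the
    # native 64-bit registry view and the Wow6432Node view used by 32-bit IE
    $views = @(
        @{ View = 'x64'
           BhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           ClassRoot = 'HKLM:\SOFTWARE\Classes\CLSID' },
        @{ View = 'WOW64'
           BhoRoot = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           ClassRoot = 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID' }
    )
    foreach ($v in $views) {
        if (-not (Test-Path $v.BhoRoot)) { continue }
        foreach ($key in Get-ChildItem $v.BhoRoot) {
            $server = Get-ItemProperty "$($v.ClassRoot)\$($key.PSChildName)\InProcServer32" -ErrorAction SilentlyContinue
            [pscustomobject]@{ View = $v.View; CLSID = $key.PSChildName; DLL = $server.'(default)' }
        }
    }
}

function Get-RunEntries {
    # Run / RunOnce values for the machine (both views) and the current user
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ... metadata
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Get-IeStartSettings {
    # The IE values the OTL fix reset; a hijacker points these at its own search page
    foreach ($hive in 'HKLM', 'HKCU') {
        $main = Get-ItemProperty "${hive}:\SOFTWARE\Microsoft\Internet Explorer\Main" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Hive             = $hive
            StartPage        = $main.'Start Page'
            DefaultPageURL   = $main.Default_Page_URL
            DefaultSearchURL = $main.Default_Search_URL
            SearchPage       = $main.'Search Page'
        }
    }
}

function Get-ProgramDataStreams {
    # Alternate data streams directly under %ProgramData%; dir /r lists ADS on
    # directories as well as files (e.g. TEMP:373E1720:$DATA from the OTL log)
    cmd.exe /c dir /r $env:ProgramData | Where-Object { $_ -match ':\$DATA' }
}

'== GUID-named kernel drivers ==';  Get-GuidNamedDrivers     | Format-Table -AutoSize
'== .job tasks ==';                 Get-LegacyJobTasks       | Format-Table -AutoSize
'== Browser Helper Objects ==';     Get-BrowserHelperObjects | Format-Table -AutoSize
'== Run / RunOnce ==';              Get-RunEntries           | Format-Table -AutoSize
'== IE start/search pages ==';      Get-IeStartSettings      | Format-List
'== ADS under ProgramData ==';      Get-ProgramDataStreams
```

Run it before and after a cleanup. A BHO whose DLL path no longer exists, or a GUID-named .sys that is still on disk after a reboot, is the next thing to remove; OTL's "moved successfully" covers the file and the registry key it named, not a service entry that still references the driver.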

#12 zep516 (Trusted Helper, Malware Removal, 8,087 posts)

Getting late and I have to go soon.

Will AdwCleaner run now, by any chance?

#13 jthomison (Topic Starter, Member, 18 posts)

Yes, I was able to download AdwCleaner. I understand it is getting late.

#14 zep516 (Trusted Helper, Malware Removal, 8,087 posts)

OK,

Run AdwCleaner and Junk Removal Tool and post the logs.

#15 jthomison (Topic Starter, Member, 18 posts)

Ran AdwCleaner. Here is the report.

 

 

# AdwCleaner v4.106 - Report created 22/12/2014 at 00:30:43
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - 16KXXN1
# Running from : C:\Users\User\Desktop\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
Service Deleted : IePluginServices
[#] Service Deleted : TTNFD
Service Deleted : {52b3431c-b6b6-4c6e-9435-4065d2e84d6c}w64
Service Deleted : {8eb97c42-dcbb-435e-94ab-1f8bc6f32b9e}w64
Service Deleted : {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64
Service Deleted : {e4a6645a-3f85-4e1f-aa41-8367978844db}Gw64
Service Deleted : {f9f63dc8-69eb-4401-b96f-f478137556a8}w64

***** [ Files / Folders ] *****

Folder Deleted : C:\ZombieNews
Folder Deleted : C:\ProgramData\374311380
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\lowpricesapp
Folder Deleted : C:\ProgramData\SaveItCoupons
Folder Deleted : C:\ProgramData\SaverAddon
Folder Deleted : C:\ProgramData\shopndrop
Folder Deleted : C:\ProgramData\cosstminn
Folder Deleted : C:\ProgramData\greatsAVVing
Folder Deleted : C:\ProgramData\PriceDownloader
Folder Deleted : C:\ProgramData\websaveri
Folder Deleted : C:\ProgramData\c328b17fbe5b7435
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\Program Files (x86)\CommonShare
Folder Deleted : C:\Program Files (x86)\SaverAddon
Folder Deleted : C:\Program Files (x86)\shopndrop
Folder Deleted : C:\Program Files (x86)\cosstminn
Folder Deleted : C:\Program Files (x86)\greatsAVVing
Folder Deleted : C:\Program Files (x86)\PriceDownloader
Folder Deleted : C:\Program Files (x86)\websaveri
Folder Deleted : C:\Users\User\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\User\AppData\Local\torch
Folder Deleted : C:\Users\User\AppData\Local\WeatherAlerts
Folder Deleted : C:\Users\User\AppData\Local\fst_us_224
Folder Deleted : C:\Users\User\AppData\Roaming\ap_logs
Folder Deleted : C:\Users\User\Documents\Optimizer Pro
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp
Folder Deleted : C:\Users\User\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ejddjnilmdncjilbfjgameihlklfpohp
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\drivers\{52b3431c-b6b6-4c6e-9435-4065d2e84d6c}w64.sys
File Deleted : C:\Windows\System32\drivers\{8eb97c42-dcbb-435e-94ab-1f8bc6f32b9e}w64.sys
File Deleted : C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{e4a6645a-3f85-4e1f-aa41-8367978844db}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{f9f63dc8-69eb-4401-b96f-f478137556a8}w64.sys
File Deleted : C:\Users\User\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\User\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage-journal
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : LaunchSignup
Task Deleted : Optimizer Pro Schedule
Task Deleted : UpdaterEX

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\User\Desktop\Search.lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKLM\SOFTWARE\Classes\SaverAddon.SaverAddon
Key Deleted : HKLM\SOFTWARE\Classes\SaverAddon.SaverAddon.9
Key Deleted : HKLM\SOFTWARE\Classes\sshaopnedroop.sshaopnedroop
Key Deleted : HKLM\SOFTWARE\Classes\sshaopnedroop.sshaopnedroop.3.1
Key Deleted : HKLM\SOFTWARE\Classes\grEatsavvIngg.grEatsavvIngg
Key Deleted : HKLM\SOFTWARE\Classes\grEatsavvIngg.grEatsavvIngg.8.3
Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKLM\SOFTWARE\Classes\WebsavEr.WebsavEr
Key Deleted : HKLM\SOFTWARE\Classes\WebsavEr.WebsavEr.6.2
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{244c2e11-1b41-4ebc-9088-daf2cf49b784}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27847E03-82DB-FB4C-0FAE-FC189B55A5BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6B5C16CC-FC01-09BC-D321-C8A0F7862A84}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{a03c0ddb-4600-47b7-b5da-9e049e1f07b1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0FDBEE8-EFBA-51F3-09D9-CB8C84582269}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622572279}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655575579}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666576679}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644574479}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{27847E03-82DB-FB4C-0FAE-FC189B55A5BD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6B5C16CC-FC01-09BC-D321-C8A0F7862A84}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A0FDBEE8-EFBA-51F3-09D9-CB8C84582269}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{244c2e11-1b41-4ebc-9088-daf2cf49b784}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{27847E03-82DB-FB4C-0FAE-FC189B55A5BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6B5C16CC-FC01-09BC-D321-C8A0F7862A84}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a03c0ddb-4600-47b7-b5da-9e049e1f07b1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A0FDBEE8-EFBA-51F3-09D9-CB8C84582269}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{244c2e11-1b41-4ebc-9088-daf2cf49b784}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{27847E03-82DB-FB4C-0FAE-FC189B55A5BD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6B5C16CC-FC01-09BC-D321-C8A0F7862A84}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{a03c0ddb-4600-47b7-b5da-9e049e1f07b1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A0FDBEE8-EFBA-51F3-09D9-CB8C84582269}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622572279}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655575579}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666576679}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\FreeSoftToday
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\WSE_Astromenda
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\SpeeditUp
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\FlvPlayer
Key Deleted : HKLM\SOFTWARE\FreeSoftToday
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\istart123Software
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\TermTutor
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D471A31-4FA7-95BA-1880-D441113ED736}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{10A0E600-D246-BD63-F465-4C849C688998}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7E7FAE3D-3358-D280-8DBF-E8E2D94326D1}
Key Deleted : [x64] HKLM\SOFTWARE\Iminent
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\astromenda.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\iminent.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istart123.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Google Chrome v36.0.1985.143

[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333567&octid=EB_ORIGINAL_CTID&ISID=M6BA0123B-E1A1-4595-90FA-FE0F951AE4C0&SearchSource=58&CUI=&UM=8&UP=SPE3281382-B252-4DB2-9E34-534632BE8C87&q={searchTerms}&SSPV=
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333567&octid=EB_ORIGINAL_CTID&ISID=M6BA0123B-E1A1-4595-90FA-FE0F951AE4C0&SearchSource=58&CUI=&UM=8&UP=SPE3281382-B252-4DB2-9E34-534632BE8C87&q={searchTerms}&SSPV=
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : blmchfpimpbbdmgpcieclabeafkljbhm
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : ejddjnilmdncjilbfjgameihlklfpohp
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3333567&octid=EB_ORIGINAL_CTID&ISID=M6BA0123B-E1A1-4595-90FA-FE0F951AE4C0&SearchSource=55&CUI=&UM=8&UP=SPE3281382-B252-4DB2-9E34-534632BE8C87&SSPV=
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://www.trovi.com/?gd=&ctid=CT3330120&octid=EB_ORIGINAL_CTID&ISID=MEFAA550E-D43F-4B9D-BEE2-70B5A902EC75&SearchSource=55&CUI=&UM=6&UP=SPAEFCD03E-47A3-4533-986B-B43D9D3BB175&SSPV=
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3333567&octid=EB_ORIGINAL_CTID&ISID=M6BA0123B-E1A1-4595-90FA-FE0F951AE4C0&SearchSource=55&CUI=&UM=8&UP=SPE3281382-B252-4DB2-9E34-534632BE8C87&SSPV=
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://www.trovi.com/?gd=&ctid=CT3330120&octid=EB_ORIGINAL_CTID&ISID=MEFAA550E-D43F-4B9D-BEE2-70B5A902EC75&SearchSource=55&CUI=&UM=6&UP=SPAEFCD03E-47A3-4533-986B-B43D9D3BB175&SSPV=

-\\ Comodo Dragon v

[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333567&octid=EB_ORIGINAL_CTID&ISID=M6BA0123B-E1A1-4595-90FA-FE0F951AE4C0&SearchSource=58&CUI=&UM=8&UP=SPE3281382-B252-4DB2-9E34-534632BE8C87&q={searchTerms}&SSPV=
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333567&octid=EB_ORIGINAL_CTID&ISID=M6BA0123B-E1A1-4595-90FA-FE0F951AE4C0&SearchSource=58&CUI=&UM=8&UP=SPE3281382-B252-4DB2-9E34-534632BE8C87&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [22113 octets] - [22/12/2014 00:29:32]
AdwCleaner[S0].txt - [22004 octets] - [22/12/2014 00:30:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22065 octets] ##########

Ran Junkware Removal. Here is the report.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on Mon 12/22/2014 at  0:33:45.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/22/2014 at  0:36:10.91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Glad to continue later tomorrow?

