Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!
Trusted Helper
umm for the .blee ... do I disable AV?
Sorry, yes. WHen the instructions say Disable Security Software, they are taking about A/V and/or anything else of a Security nature that would block the Scanner (ESET or anything else) from operating.
If you know how to Disable your A/V, you don't need to bother with the BC information. It's just for people that don't know how to do it.
Member
That was a fast scan .....
MiniToolBox by Farbar Version: 30-11-2014
Ran by vito (administrator) on 01-12-2014 at 16:13:23
Running from "C:\Users\vito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MTBE9OQ6"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
**** End of log ****
Trusted Helper
Ok, so you have no Proxy set, as I suspected. Have you tried disabling your A/V and then running ESET?
Member
I did the same earlier to disable AV .. but this time it ran .. here are the results ...
MiniToolBox by Farbar Version: 30-11-2014
Ran by vito (administrator) on 01-12-2014 at 16:13:23
Running from "C:\Users\vito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MTBE9OQ6"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
**** End of log ****
Member
Here are the scan results ......
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\LocalLow\vGrabber\ldrtbVgra.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\LocalLow\vGrabber\tbVgra.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\vito\AppData\LocalLow\vGrabber\ldrtbVgra.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\vito\AppData\LocalLow\vGrabber\tbVgra.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Users\vito\Downloads\asc7-setup-aff.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
Member
went back and re read the instructions ... I found the file but how do I open it in notepad ?
Trusted Helper
A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
I suppose these instructions could be worded a little differently. Anyway, when the scan completes, the results will either be in a window or a text file. If it's in a text file, that "is" a Notepad file and it's already opened. All you have to do is highlight, copy and paste the contents for me. If only a windows is open, same thing...highlight, copy, paste. Really no different than everything you've been doing all along.
Member
Ok .. so I opened the file and I get a list of 16 entries ... I tried to screen shot and it wont paste here I've tried to just copy/paste and again wont paste here .. I opened a couple files and this is what was there (copy and paste worked this time) ?? I know I'm doing it wrong but I don't know what to do about it ...
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
L À F‹ 岑˜
ДÂT’˜
ДÂT’˜
Ð Q PàOÐ ê:i¢Ø +00 /C:\ l 1 E— PROGRA~2 T ï¾î:…E—* K= P r o g r a m F i l e s ( x 8 6 ) J 1 E— ESET 6 ï¾E—E—* ÙË ± E S E T l 1 E— ESETON~1 T ï¾E—E—* ÓÌ Þ E S E T O n l i n e S c a n n e r ` / _ u„M¤ OS C:\Program Files (x86)\ESET\ESET Online Scanner 5 . . \ . . \ . . \ P r o g r a m F i l e s ( x 8 6 ) \ E S E T \ E S E T O n l i n e S c a n n e r * ™ ï@Z|û üK‡JÀòà¹úŽ™ 7 ¨ 1SPS0ñ%·ïG¥ñ`Œžë¬9
E S E T O n l i n e S c a n n e r ) F i l e f o l d e r @ Ÿ¡’˜
Ð @ Ÿ¡’˜
Ð 1SPSâŠXF¼L8C»ü“&˜mÎq / S - 1 - 5 - 2 1 - 3 3 6 9 9 3 9 1 3 9 - 1 6 5 5 6 3 2 9 0 8 - 2 8 1 1 0 5 2 0 0 9 - 1 0 0 0 i 1SPSí0½ÚC ‰G§øФsf"M d E S E T ( C : \ P r o g r a m F i l e s ( x 8 6 ) ) 1SPS¦jc(=•ÒµÖ ÀOÙÐq 0 C : \ P r o g r a m F i l e s ( x 8 6 ) \ E S E T \ E S E T O n l i n e S c a n n e r ` X vito-hp µºæ/ƒH´™§Dòwøk øyä„©<Ù+]¹µºæ/ƒH´™§Dòwøk øyä„©<Ù+]¹
Trusted Helper
Wow... 
It's making me a little nervous that perhaps I missed something, so let's both look and clean in the following manner
Scan with ZOEK
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
icon and select 
Run as Administrator to start the tool.createsrpoint;autoclean; process; services-list; systemspecs; startupall; skipfix-iedefaults; firefoxlook; chromelook; filesrcm; installedprogs;
Post its content into your next reply.
After these have run, take a few minutes and let me know how the machine is working. Then we can discuss next steps.
Member
Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by vito on 03/12/2014 at 11:28:30.07.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\vito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9J82HG4\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-12-03-161705.log 477 bytes
==== System Restore Info ======================
03/12/2014 11:31:44 AM Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\RAF deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\CanonEPP deleted successfully
C:\PROGRA~3\CanonIJEPPEX2 deleted successfully
C:\PROGRA~3\PDFC deleted successfully
C:\PROGRA~3\Ralink deleted successfully
C:\PROGRA~3\Yahoo! deleted successfully
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully
C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} deleted successfully
C:\Users\vito\AppData\Roaming\ieSpell deleted successfully
C:\Users\vito\AppData\Roaming\Mozilla deleted successfully
C:\Users\vito\AppData\Roaming\ObviousIdea deleted successfully
C:\Users\vito\AppData\Roaming\TP deleted successfully
C:\Users\Administrator\AppData\Local\PDFC deleted successfully
C:\Users\vito\AppData\Local\Canon Easy-PhotoPrint EX deleted successfully
C:\Users\vito\AppData\Local\CrashDumps deleted successfully
C:\Users\vito\AppData\Local\MigWiz deleted successfully
C:\Users\vito\AppData\Local\PDFC deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3369939139-1655632908-2811052009-1000\Software\Microsoft\Internet Explorer\SearchScopes\{91709BE5-1238-4096-88B2-76F2F210AF24} deleted successfully
HKEY_USERS\S-1-5-21-3369939139-1655632908-2811052009-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C9FEBFB-9D81-4C36-9460-4EF0AB5443D1} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Installed Programs ======================
Adblock Plus for IE
Adblock Plus for IE (32-bit and 64-bit)
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.09)
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD Problem Report Wizard
AMD VISION Engine Control Center
ANT Drivers Installer x64
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avast Free Antivirus
Big Fish Games: Game Manager
Bing Bar
Bing Bar Platform
Bing Desktop
Bing Rewards Client Installer
Blio
Bonjour
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MP Navigator EX 5.1
Canon MX890 series MP Drivers
Canon MX890 series On-screen Manual
Canon My Printer
Canon Solution Menu EX
Canon Speed Dial Utility
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compl‚ment Messenger
Contr“le ActiveX Windows Live Mesh pour connexions … distance
D3DX10
Definition Update for Microsoft Office 2010 (KB2899521) 32-Bit Edition
DoNotTrackMe Add-on 3.2.1098
Dropbox
Elevated Installer
EPSON Printer Software
EPSON Scan
f.lux
Galerie de photos Windows Live
Garmin Express
Garmin Express Tray
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.2.3
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP IDF Software
HP LinkUp
HP Odometer
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP Update
HP Vision Hardware Diagnostics
HydraVision
iCloud
ieSpell
iTunes
Java 8 Update 25
Java Auto Updater
Junk Mail filter update
LabelPrint
Logitech Harmony Remote Software 7
Malwarebytes Anti-Malware version 2.0.3.1025
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
MSVCRT
MSVCRT_amd64
Pin It
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Power2Go
PressReader
QuickTime 7
RAF
Ralink 802.11n Wireless LAN Card
Rapport
Realtek High Definition Audio Driver
Recovery Manager
Remote Control USB Driver
Remote Graphics Receiver
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2883013) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
StudioTax 2013
SUPERAntiSpyware
Trusteer Endpoint Protection
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2889935) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2878251) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
XBMC
Zinio Reader 4
Zuma's Revenge
==== Running Processes ======================
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Users\vito\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\vito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9J82HG4\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
==== Services(whitelist) ======================
Powered by E Dev
R2 - [!SASCORE] - SAS Core Service - c:\program files\superantispyware\sascore64.exe
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
R2 - [BingDesktopUpdate] - Bing Desktop Update service - c:\program files (x86)\microsoft\bingdesktop\bingdesktopupdater.exe
R2 - [cvhsvc] - Client Virtualization Handler - c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe
R2 - [HP Support Assistant Service] - HP Support Assistant Service - c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe
R2 - [RalinkCountryRegion] - RalinkCountryRegion - c:\program files (x86)\ralink\common\racountryregion.exe
R2 - [RalinkRegistryWriter] - RalinkRegistryWriter - c:\program files (x86)\ralink\common\raregistry.exe
R2 - [RalinkRegistryWriter64] - RalinkRegistryWriter64 - c:\program files (x86)\ralink\common\raregistry64.exe
R2 - [RapportMgmtService] - Rapport Management Service - c:\program files (x86)\trusteer\rapport\bin\rapportmgmtservice.exe
R2 - [RtkAudioService] - Realtek Audio Service - c:\program files\realtek\audio\hda\rtkaudioservice64.exe
R2 - [sftlist] - Application Virtualization Client - c:\program files (x86)\microsoft application virtualization client\sftlist.exe
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [sftvsa] - Application Virtualization Service Agent - c:\program files (x86)\microsoft application virtualization client\sftvsa.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [Garmin Core Update Service] - Garmin Core Update Service - c:\program files (x86)\garmin\core update service\garmin.cartography.mapupdate.coreservice.exe
S2 - [gupdate] - Google Update Service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [LiveUpdateSvc] - LiveUpdate - c:\program files (x86)\iobit\liveupdate\liveupdate.exe
S2 - [RaMediaServer] - Ralink UPnP Media Server - c:\program files (x86)\ralink\common\ramediaserver.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [fsssvc] - Windows Live Family Safety Service - c:\program files (x86)\windows live\family safety\fsssvc.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [gusvc] - Google Software Updater - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
S3 - [hpqwmiex] - HP Software Framework Service - c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [iPod Service] - iPod Service - c:\program files\ipod\bin\ipodservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [AMD FUEL Service] - AMD FUEL Service - c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe
S4 - [Bonjour Service] - Bonjour Service - c:\program files\bonjour\mdnsresponder.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
S4 - [EPSON_PM_RPCV4_01] - EPSON V3 Service4(01) - c:\programdata\epson\epw!3 ssrp\e_s40rpb.exe
S4 - [HPAuto] - HP Auto - c:\program files\hewlett-packard\hp auto\hpauto.exe
S4 - [HPClientSvc] - HP Client Services - c:\program files\hewlett-packard\hp client services\hpclientservices.exe
S4 - [wlcrasvc] - Windows Live Mesh remote connections service - c:\program files\windows live\mesh\wlcrasvc.exe
==== Deleting Services ======================
==== Batch Command(s) Run By Tool======================
C:\Windows\system32\appdata deleted
==== Deleting Files \ Folders ======================
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found
C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} not found
C:\Windows\syswow64\appdata deleted
C:\PROGRA~2\Yahoo! deleted
C:\found.000 deleted
C:\Users\vito\AppData\Roaming\ParetoLogic deleted
C:\PROGRA~3\ParetoLogic deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\vito\AppData\LocalLow\ADSRemoval deleted
C:\Users\vito\AppData\LocalLow\Yahoo! deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Users\vito\AppData\Local\{70D09425-2125-4E7E-9940-2639B1CECFD4}" deleted
==== Registry Search Results for "createsrpoint" ======================
No instances of string "createsrpoint" found.
==== System Specs ======================
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 7936 MB
CPU Info: AMD Phenom™ II X4 960T Processor
CPU Speed: 3009.5 MHz
Sound Card: Speakers (Realtek High Definiti |
Realtek Digital Output (Realtek |
Display Adapters: ATI Radeon HD 4200 | ATI Radeon HD 4200 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; HP 2311 Series Wide LCD Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: 802.11n Wireless LAN Card | Realtek PCIe FE Family Controller
CD / DVD Drives: 1x (E: | ) E: hp DVD RW AD-7251H5
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 1385.1GB | D: 12.0GB | Q: 0.0MB
Hard Disks - Free: C: 1300.0GB | D: 1.3GB | Q: 0.0MB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 08/16/32 | HPQOEM - 20110629
Time Zone: Eastern Standard Time
Motherboard *: FOXCONN 2AB1
Country: Canada
Language: ENC
==== System Specs (Software) ======================
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Internet Explorer Version: 11.0.9600.17420
Google Chrome version: 39.0.2171.71
Adobe Reader version: 11.0.9.29
Sun Java version: 1.8.0_25 (32-bit)
Sun Java version: 1.8.0_25 (64-bit)
Flash Player version: 15.0.0.239
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2014-11-28 16:07:24 B59EF013D567E5746F1DEE2565F747ED 43152 ----a-w- C:\Windows\avastSS.scr
2014-11-28 14:34:10 F9F4905664C5B42B49E78EFA12D1A6B6 20 ----a-w- C:\Windows\¼÷í
2014-11-25 18:27:17 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2014-11-25 18:27:17 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2014-11-25 18:27:17 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2014-11-25 18:27:17 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2014-11-25 18:27:17 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
====== C:\Users\vito\AppData\Local\Temp ====
2014-12-01 18:01:08 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\libiconv2.dll
2014-12-01 18:01:08 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\libintl3.dll
2014-12-01 18:01:08 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\pcre3.dll
2014-12-01 18:01:08 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\regex2.dll
2014-12-01 18:01:08 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-11-28 02:40:18 D0AAAE16BA162DD89D646887F1539855 1700352 ----a-w- C:\Windows\SysWOW64\gdiplus.dll
2014-11-28 02:40:18 CA2F560921B7B8BE1CF555A5A18D54C3 348160 ----a-w- C:\Windows\SysWOW64\msvcr71.dll
2014-11-28 02:40:18 1FD3F9722119BDF7B8CFF0ECD1E84EA6 1060864 ----a-w- C:\Windows\SysWOW64\mfc71.dll
2014-11-22 19:59:37 A042349B7208BF8BED858B1E9B48B06D 98216 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-11-28 16:07:33 6663B30328C239D2AB10D2583054CF2E 364512 ----a-w- C:\Windows\Sysnative\aswBoot.exe
====== C:\Windows\Sysnative\drivers =====
2014-11-28 16:07:36 B1881A01E301990B671694CA1623F1B6 436624 ----a-w- C:\Windows\Sysnative\drivers\aswSP.sys
2014-11-28 16:07:36 9BE9F2B83DE80E2752B1405CC427E2EC 29208 ----a-w- C:\Windows\Sysnative\drivers\aswHwid.sys
2014-11-28 16:07:36 7509F07BA6F84C1E3B2C0D78A1F6F782 116728 ----a-w- C:\Windows\Sysnative\drivers\aswStm.sys
2014-11-28 16:07:36 2DA1C1AEDF454F8E32A863A1AEACDD8C 83280 ----a-w- C:\Windows\Sysnative\drivers\aswMonFlt.sys
2014-11-28 16:07:36 1A5BDDE65B648DC3AD48B6ECAA3AE9C8 267632 ----a-w- C:\Windows\Sysnative\drivers\aswVmm.sys
2014-11-28 16:07:36 1323269A92645705DEFA053F3596829D 65776 ----a-w- C:\Windows\Sysnative\drivers\aswRvrt.sys
2014-11-28 16:07:35 E74FD717476B30E23F45354B8F3ACB30 1050432 ----a-w- C:\Windows\Sysnative\drivers\aswsnx.sys
2014-11-28 16:07:35 4750016EF9CC1DEC6DA3FE5AF9A7F095 93568 ----a-w- C:\Windows\Sysnative\drivers\aswRdr2.sys
2014-11-22 17:22:49 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-11-22 17:22:22 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-11-22 17:22:22 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2014-11-22 17:22:22 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-11-22 10:08:06 A7CF9B841956293F20E25E08D53718D6 175528 ----a-w- C:\Windows\Sysnative\drivers\tmcomm.sys
2014-11-12 03:42:19 41774FF331F609EF442B7398EE6202B1 155064 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
====== C:\Windows\Tasks ======
2014-11-28 16:07:53 C08E7F4E72A340706974329C0A61D39D 4182 ----a-w- C:\Windows\Sysnative\Tasks\avast! Emergency Update
2014-11-28 02:53:18 D4B377083FF8DF2F2D3FDBCDDBA23A37 2956 ----a-w- C:\Windows\Sysnative\Tasks\{80D10C5F-1E27-49B8-8780-F0B388A48438}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-11-28 02:38:22 -------- d-----w- C:\Program Files\COMODO
======= C:\PROGRA~2 =====
2014-12-01 18:56:52 -------- d-----w- C:\PROGRA~2\ESET
2014-11-22 19:59:39 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2014-11-22 18:54:31 -------- d-----w- C:\PROGRA~2\Microsoft Expression
2014-11-22 18:45:16 -------- d-----w- C:\PROGRA~2\QuickTime
======= C: =====
====== C:\Users\vito\AppData\Roaming ======
2014-11-28 18:41:42 -------- d-----w- C:\Users\vito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-28 18:40:52 -------- d-----w- C:\Users\vito\AppData\Roaming\Dropbox
2014-11-28 03:34:11 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Trusteer
2014-11-28 02:40:50 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Comodo
2014-11-28 02:38:35 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Locallow\COMODO
2014-11-28 02:38:15 -------- d-----w- C:\Users\vito\AppData\Local\Comodo
2014-11-25 19:54:13 -------- d-----w- C:\Users\Public\AppData\Local\temp
2014-11-25 19:54:13 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-11-25 19:54:13 -------- d-----w- C:\Users\Default User\AppData\Local\temp
2014-11-25 19:54:13 -------- d-----w- C:\Users\Administrator\AppData\Local\temp
2014-11-22 10:13:41 CF57535EDDB8AC1DC930FCB9BAD2FB01 10 ----a-w- C:\Users\vito\AppData\Local\sponge.last.runtime.cache
2014-11-21 23:51:07 -------- d-----w- C:\Users\vito\AppData\Local\HOOFFS
2014-11-21 23:35:44 -------- d-----w- C:\Users\vito\AppData\Roaming\JavaUpdaterV118
2014-11-21 23:35:44 -------- d-----w- C:\Users\vito\AppData\Local\Developerts_LLC
2014-11-12 08:50:33 -------- d-sh--w- C:\Users\vito\AppData\Local\EmieBrowserModeList
2014-11-12 08:50:28 -------- d-sh--w- C:\Users\vito\AppData\Locallow\EmieBrowserModeList
====== C:\Users\vito ======
2014-11-28 02:37:07 -------- d-----w- C:\ProgramData\Comodo
2014-11-26 15:26:48 13B76FC33784F23E79F298E5F226F7F6 1110016 ----a-w- C:\Users\vito\Downloads\FRST.exe
2014-11-25 19:54:13 -------- d-----w- C:\Users\Public\AppData
2014-11-22 19:59:14 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-22 18:45:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-22 16:52:53 6504113C2218667814D4F54847BA046A 2140160 ----a-w- C:\Users\vito\Downloads\adwcleaner_4.101.exe
2014-11-22 15:35:26 2F3B1DD634F95D265C4B30FAF8EC2082 17711760 ----a-w- C:\Users\vito\Downloads\AdobeAIRInstaller.exe
====== C: exe-files ==
2014-12-01 18:56:52 E273331224005C5A8A504164373DE1DC 535304 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
2014-12-01 18:56:52 9E47522861242EE002D7F385C35D1322 2887824 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
2014-12-01 18:56:52 5B3DE7968D23B476AFB256D8014B25B9 333424 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
2014-12-01 18:56:52 47B06E473B78A792DF07D226E0537D63 119184 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
2014-12-01 18:56:52 3C3F35C91F230493B088B334E39D1F7A 358144 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2014-12-01 18:01:08 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-11-28 18:41:40 AB0C872B1FFE283D20C91C8E575E2F67 35419192 ----a-w- C:\Users\vito\AppData\Roaming\Dropbox\bin\Dropbox.exe
2014-11-28 18:41:40 3DE922CE5A2D820DDA0585EA07E9BAC0 225232 ----a-w- C:\Users\vito\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
2014-11-28 16:07:33 6663B30328C239D2AB10D2583054CF2E 364512 ----a-w- C:\Windows\System32\aswBoot.exe
=== C: other files ==
2014-12-01 18:01:07 F56A319979F631C141F5FF02DF87FDB1 43563 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\prelim.bat
2014-12-01 18:01:07 EBAA7BD799FC68980A6A8594BB14A950 190569 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\misc.bat
2014-12-01 18:01:07 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\TDL4.bat
2014-12-01 18:01:07 BC28D90D34DB7AC6BB5789BF3C9E8FDB 14957 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\get.bat
2014-12-01 18:01:07 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\medfos.bat
2014-12-01 18:01:07 AA0C656F898523BEDF2DA6923197BB80 1264 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\surfvox.bat
2014-12-01 18:01:07 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\searchlnk.bat
2014-12-01 18:01:07 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\firefox.bat
2014-12-01 18:01:07 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\ev_clear.bat
2014-12-01 18:01:07 813FA9E2180EE3BB5EFCE744009B5611 10880 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\runvalues.bat
2014-12-01 18:01:07 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\ask.bat
2014-12-01 18:01:07 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\iexplore.bat
2014-12-01 18:01:07 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\delfolders.bat
2014-12-01 18:01:07 080CFDE64F31E7B50EECF4552033E84D 9937 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\mws.bat
2014-12-01 18:01:07 048407135C9B1FB6A355E256BD96160D 14192 ----a-w- C:\Users\vito\AppData\Local\Temp\jrt\chrome.bat
2014-11-28 18:41:40 B3B7E9E398D909FA919BE73884662D86 1129317 ----a-w- C:\Users\vito\AppData\Roaming\Dropbox\bin\xui_resources.zip
2014-11-28 16:07:36 B1881A01E301990B671694CA1623F1B6 436624 ----a-w- C:\Windows\System32\drivers\aswSP.sys
2014-11-28 16:07:36 9BE9F2B83DE80E2752B1405CC427E2EC 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-11-28 16:07:36 7509F07BA6F84C1E3B2C0D78A1F6F782 116728 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-11-28 16:07:36 2DA1C1AEDF454F8E32A863A1AEACDD8C 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-11-28 16:07:36 1A5BDDE65B648DC3AD48B6ECAA3AE9C8 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-11-28 16:07:36 1323269A92645705DEFA053F3596829D 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-11-28 16:07:35 E74FD717476B30E23F45354B8F3ACB30 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-11-28 16:07:35 4750016EF9CC1DEC6DA3FE5AF9A7F095 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-3369939139-1655632908-2811052009-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"f.lux"="C:\Users\vito\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BingDesktop"="C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"f.lux"="C:\Users\vito\AppData\Local\FluxSoftware\Flux\flux.exe /noshow"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avast]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avast"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\AVAST Software\\Avast\\avastUI.exe\" /nogui"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CanonMyPrinter"
"hkey"="HKLM"
"command"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonSolutionMenuEx]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CanonSolutionMenuEx"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Canon\\Solution Menu EX\\CNSEMAIN.EXE /logon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Device Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Device Detection"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\FUJIFILM\\MyFinePix Studio\\dd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON Stylus CX4200 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EPSON Stylus CX4200 Series"
"hkey"="HKCU"
"command"="C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_IATIAEA.EXE /FU \"C:\\Windows\\TEMP\\E_SCE42.tmp\" /EF \"HKCU\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarminExpressTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GarminExpressTrayApp"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Garmin\\Express Tray\\ExpressTray.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="c:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpsysdrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpsysdrv"
"hkey"="HKLM"
"command"="c:\\program files (x86)\\hewlett-packard\\HP odometer\\hpsysdrv.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Default Manager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Microsoft Default Manager"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft\\Search Enhancement Pack\\Default Manager\\DefMgr.exe\" -resume"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norton Online Backup]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Norton Online Backup"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\NOBuClient.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDF Complete]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDF Complete"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\PDF Complete\\pdfsty.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpybotSD TeaTimer"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Spybot - Search & Destroy\\TeaTimer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartCCC"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SUPERAntiSpyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SUPERAntiSpyware"
"hkey"="HKCU"
"command"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^vito^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
"item"="OneNote 2010 Screen Clipper and Launcher"
"path"="C:\\Users\\vito\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2010 Screen Clipper and Launcher.lnk"
"backup"="C:\\Windows\\pss\\OneNote 2010 Screen Clipper and Launcher.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\MICROS~1\\Office14\\ONENOTEM.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\!SASCORE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AMD External Events Utility]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AMD FUEL Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bonjour Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\EPSON_PM_RPCV4_01]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GamesAppService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HP Support Assistant Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HPAuto]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HPClientSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HPDrvMntSvc.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\hpqwmiex]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\iPod Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NOBU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\pdfcDispatcher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SBSDWSCService]
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [26/11/2014 10:01 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [18/10/2014 12:50 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]
C:\Windows\tasks\HPCeeScheduleForVITO-HP$.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15/07/2011 04:43 AM]
C:\Windows\tasks\HPCeeScheduleForvito.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15/07/2011 04:43 AM]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GarminUpdaterTask" [C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForvito" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForVITO-HP$" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\PinItAutoUpdate" ["C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{270B58D6-4D56-48A3-A561-336DDC15721B}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{06A2683A-FE94-4FC0-A677-BB90EE82F41B}" [C:\Program Files (x86)\iTunes\iTunes.exe]
"C:\Windows\SysNative\tasks\{503FD191-7775-4593-847A-B32BF2F73A6E}" [C:\Users\vito\Desktop\Tor Browser\Browser\firefox.exe]
"C:\Windows\SysNative\tasks\{6911E958-879C-4FDA-8675-16B216878C78}" [C:\Program Files (x86)\iTunes\iTunes.exe]
"C:\Windows\SysNative\tasks\{80D10C5F-1E27-49B8-8780-F0B388A48438}" [C:\Program Files (x86)\Comodo\Dragon\dragon.exe]
"C:\Windows\SysNative\tasks\{C4036461-6B8F-4C5C-BF2B-5DD00ADA8523}" [C:\Program Files (x86)\iTunes\iTunes.exe]
"C:\Windows\SysNative\tasks\{EA768C95-758B-472D-82BC-755837FAF795}" [C:\Program Files (x86)\iTunes\iTunes.exe]
"C:\Windows\SysNative\tasks\{F265CD4D-889D-4061-A3C3-67B6D51FBBB9}" [C:\Program Files (x86)\iTunes\iTunes.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No)" [c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes)" [c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [28/11/2014 11:07 AM]
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[28/11/2014 11:07 AM]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[28/11/2014 11:07 AM]
YouTube - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Gmail - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - vito\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - vito\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - vito\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - vito\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - vito\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - vito\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - vito\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Wallet - vito\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - vito\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chromium Startpages ======================
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences
,"session": { "restore_on_startup": 4, "urls_to_restore_on_startup": [ "http://feed.snapdo.c...Date=21/11/2013"] }}
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft....k/?LinkId=69157"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft....k/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{3EAD0059-0CB9-42D4-87F2-E331D8BFD61D}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.co...?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"
{3EAD0059-0CB9-42D4-87F2-E331D8BFD61D} Bing Url="http://www.bing.com/...Box&FORM=IESR02"
{95D68E93-E8B9-4077-B354-0DF4AE6781D6} Flickr Url="https://www.flickr.c...?q={searchTerms}"
{B3FB0908-1B27-49BF-B828-A68C175FEF36} Unknown Url="Not_Found"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3369939139-1655632908-2811052009-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-3369939139-1655632908-2811052009-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B3FB0908-1B27-49BF-B828-A68C175FEF36} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\[email protected] deleted successfully
==== Deleting Registry Keys ======================
HKEY_CURRENT_USER\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detection deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Online Backup deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\vito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\vito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0H7655PQ will be deleted at reboot
C:\Users\vito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9J82HG4 will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\vito\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=29 folders=32 49072900 bytes)
==== Empty Temp Folders ======================
C:\Users\Administrator\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\vito\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\vito\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\vito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0H7655PQ" deleted
"C:\Users\vito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9J82HG4" not found
==== EOF on 03/12/2014 at 12:12:53.14 ======================
Trusted Helper
Ok, how is the machine behaving now?
Also, and on a different note, can you describe how you are taking the log results from the tools and posting them for me?
I'm not trying to chastise, but I think you might be adding some unnecessary steps and maybe we can save you some effort. By way of example, look at the text and font of your posts and compare it to mine or compare it to a different thread. Quite unusual and different isn't it? Let's see if we can figure it out. It might have so relevance to how the machine is working 
Member
Here is the malware bytes log ...... the computer has been running normal the last couple days, well, at least I haven't noticed anything amiss. For the copynpaste .. I go to file select all then copy and then it'll paste when I use the clipboard on the reply to topic to paste. The one with the strange font was like that in the file .. I thought it strange and wanted you to see it.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 04/12/2014
Scan Time: 9:06:01 AM
Logfile: mallwareb.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2014.12.04.06
Rootkit Database: v2014.12.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: vito
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 380337
Time Elapsed: 16 min, 32 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Trusted Helper
Well, that scan looks fine
As does the text in the Paste.
Let's let it run for a day or so. If everything is still good, then perform these next steps and post back to me.
Clean with DelFix icon and select Run as Administrator to start the tool.
Member
Hi ... here is the log ... the computer seems to be much, much better .... I must be more aware of my downloading .. I usually type my address in the address bar but, the one time I clicked the link and got burned.
# DelFix v10.8 - Logfile created 05/12/2014 at 09:02:03
# Updated 29/07/2014 by Xplode
# Username : vito - VITO-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\Qoobox
Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\log.txt
Deleted : C:\zoek-results.log
Deleted : C:\zoek-results2014-12-03-161705.log
Deleted : C:\Users\vito\Downloads\adwcleaner_4.101.exe
Deleted : C:\Users\vito\Downloads\Extras.Txt
Deleted : C:\Users\vito\Downloads\FRST.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
~ Cleaning system restore ...
Deleted : RP #851 [Scheduled Checkpoint | 12/05/2014 05:00:01]
New restore point created !
~ Resetting system settings ... OK
########## - EOF - ##########
Trusted Helper
Glad everything is working well!!
I'll keep the topic open for a few days in case you have questions, otherwise, it's been a pleasure! 
There are my suggestions for keeping your machine safe.
Preventing Re-Infection
An ounce of prevention is better than a pound of cure, so, I have listed some tips for you to stay safe on the internet in the future.
WARNING!: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java. Have a look at this article.
I would recommend that you completely uninstall Java unless you need it to run an important software. In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)
If you still want to keep Java
Adobe products have to always be updated, because they also are being used to infect your computer.
Turning on Automatic Updates is a crucial security measure. Keeping them out-of-date is like begging to get your system infected.
FileHippo is one of programs that can check for out-of-date programs on your computer. You can get it here
Recommendations for security programs
For some good tips about how to prevent infection in the future, visit this site.
0 members, 1 guests, 0 anonymous users
Community Forum Software by IP.Board
Licensed to: Geeks to Go, Inc.
This topic is locked
Sign In
Create Account
