
webssearches.com cannot be removed as rkill will not work


  • This topic is locked
19 replies to this topic

#1 robaa


Posted 29 May 2014 - 08:38 AM

I cannot try to remove the webssearches hijack of my toolbar, as the program 'rkill' does not work; it gives the error message below -

 

'temp doesnt exist

There was a problem retrieving the necessary environmental variable: Temp. dot Rkill has terminated!'

 

Any ideas?

 

___________________________________________________________________________________

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.25.2
Run by USER at 23:19:11 on 2014-05-29
Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.4013.2994 [GMT 10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Thunderbird\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = www.google.com
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: PDFXChange 2012: {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: IEExtension.VDownloaderBHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: PDFXChange 2012: {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll
EB: IE Developer Tools Toolbar: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\internet explorer\iedvtool.dll
uRun: [Copernic Desktop Search - Home] "C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [Join (Merge, Combine) Multiple Rar Files Into One Software.exe] <no file>
StartupFolder: C:\Users\USER\AppData\Roaming\MICROS~1\STARTM~1\Programs\Startup\7STICK~1.LNK - C:\Program Files (x86)\7 Sticky Notes\7StickyNotes.exe
StartupFolder: C:\Users\USER\AppData\Roaming\MICROS~1\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\USER\AppData\Roaming\MICROS~1\STARTM~1\Programs\Startup\STICKY~1.LNK - C:\Windows\System32\StikyNot.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DEVICE~1.LNK - C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIRECT~1.LNK - C:\Program Files (x86)\OLYMPUS\DirectrecConfig\DirectrecConfigurationTool.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 211.29.132.12 198.142.0.51 198.142.235.14
TCP: Interfaces\{E29FD331-E0B2-4F32-95DF-338F97468F2F} : DHCPNameServer = 211.29.132.12 198.142.0.51 198.142.235.14
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
x64-mStart Page = www.google.com
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: PDN64BitBookMarkActivator.BookMark64BitActivator: {887cdc33-0de3-4fd5-a5d3-eccd4b4b396c} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: FireShot: {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} -
x64-TB: Post-it® Digital Notes: {735abc4c-9266-4008-9ef6-bc60be8de31f} -
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [fssui] "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
x64-DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\cyhh5rq3.default-1401028741795\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.au/webhp?tab=ww&ei=rNiyUuS5F8-mkgWZrYBw&ved=0CBIQ1S4
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\OneNoteGem\Anchor to OneNote\npAnchorToOneNote.dll
FF - plugin: C:\Program Files (x86)\OneNoteGem\Bring to OneNote 2010\FF\plugins\npBringToOneNote.dll
FF - plugin: C:\Program Files (x86)\OneNoteGem\Bring to OneNote 2010\npBringToOneNote.dll
FF - plugin: C:\Program Files (x86)\OneNoteGem\Favorite to OneNote\npFavToOneNote.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Tracker Software viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\USER\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Users\USER\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ambakdrv;ambakdrv;C:\Windows\System32\ambakdrv.sys [2014-5-5 30648]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2014-1-1 108832]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2014-1-1 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2014-1-1 183224]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2014-1-1 161568]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2014-1-1 117024]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 30568]
R1 Nbdrv;NetBalancer LightWeight Filter;C:\Windows\System32\drivers\nbdrv.sys [2013-11-7 41392]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-11 144152]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-8-5 685672]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2014-4-23 34544]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
S1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-9-6 21104]
S1 cbfs3;cbfs3;C:\Windows\System32\drivers\cbfs3.sys [2013-2-4 352008]
S1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2010-7-14 87600]
S1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\rsdrvx64.sys [2014-2-10 26024]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
S2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-4-7 3783672]
S2 ammntdrv;ammntdrv;C:\Windows\System32\ammntdrv.sys [2014-5-5 151480]
S2 amwrtdrv;amwrtdrv;C:\Windows\System32\amwrtdrv.sys [2014-5-5 17848]
S2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
S2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Delete Duplicate Files Scan on Schedule Service;Delete Duplicate Files Scan on Schedule Service;C:\Program Files\Delete Duplicate Files\DDFS.exe [2012-12-24 2428416]
S2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-4 296808]
S2 FileOpenManagerSvc;FileOpen Manager Service;C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe [2011-12-9 334720]
S2 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2014-2-2 57840]
S2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-12-19 127752]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-9-7 72216]
S2 monblanking;monblanking;C:\Windows\System32\drivers\monblanking.sys [2013-7-17 34960]
S2 NetBalancerService;NetBalancerService;C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2013-11-7 18664]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 133928]
S2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-21 1494304]
S2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-1-21 15129376]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-12-19 411936]
S2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2013-3-26 7084672]
S2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2014-5-9 1042808]
S2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2014-5-9 295800]
S3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2014-4-7 367200]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-3-2 133672]
S3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2014-1-20 89640]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-9-19 102368]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-5-25 52608]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-5-25 76160]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2013-2-12 30192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-23 111616]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-6 317440]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2014-1-31 887232]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-1-21 39200]
S3 Olympus DVR Service;Olympus DVR Service;C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [2013-5-21 174592]
S3 RDPDISPM;RDPDISPM;C:\Windows\System32\drivers\rdpdispm.sys [2010-8-31 10752]
S3 rspLLL;rspLLL;C:\Windows\System32\drivers\rspLLL64.sys [2012-2-25 21048]
S3 rspSanity;rspSanity;C:\Windows\System32\drivers\rspSanity64.sys [2012-2-25 29752]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-9-19 203104]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2013-6-2 16152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-7 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
S4 Agent;Agent;C:\Windows\agent_x64.exe [2012-5-9 100352]
S4 Backupper Service;AOMEI Backupper Scheduler Service;C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0\ABService.exe [2014-5-5 29912]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
.
=============== Created Last 30 ================
.
2014-05-28 15:12:11    10702536    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7A9BA008-1DFD-4116-A815-9DC192E6E588}\mpengine.dll
2014-05-27 15:13:54    10702536    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-26 14:47:35    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-05-26 13:30:54    --------    d-----w-    C:\Users\USER\Intel
2014-05-26 12:33:24    338120    ----a-w-    C:\Windows\System32\SecureAssist64.dll
2014-05-26 12:30:19    --------    d-----w-    C:\Program Files\003
2014-05-25 14:00:30    --------    d-----w-    C:\Device
2014-05-25 13:33:46    --------    d-----w-    C:\AdwCleaner
2014-05-25 04:58:25    --------    d-----w-    C:\Program Files (x86)\MSR
2014-05-25 04:55:58    --------    d-----w-    C:\ProgramData\IePluginServices
2014-05-25 04:55:23    --------    d-----w-    C:\Users\USER\AppData\Local\20640
2014-05-24 20:33:39    1031560    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9F8ADC9B-7952-49FD-90D9-31FFB40AA668}\gapaengine.dll
2014-05-18 14:05:30    --------    d-----w-    C:\Program Files (x86)\Common Files\Solveig Multimedia
2014-05-18 14:05:29    --------    d-----w-    C:\Program Files (x86)\Solveig Multimedia
2014-05-18 12:44:20    1024    ---ha-w-    C:\SYSTAG.BIN
2014-05-17 10:49:56    171584    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\Plugins\npPDFXCviewNPPlugin.dll
2014-05-15 13:37:52    --------    d-----w-    C:\Program Files\Western Digital
2014-05-14 17:02:20    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-14 17:02:20    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-13 23:27:03    477184    ----a-w-    C:\Windows\System32\aepdu.dll
2014-05-13 23:27:02    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-05-13 13:06:01    --------    d-----w-    C:\Users\USER\AppData\Local\SyncFolders
2014-05-13 13:05:51    --------    d-----w-    C:\Program Files (x86)\SyncFolders
2014-05-08 11:22:20    188272    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\Plugins\nppdf32.dll
2014-05-05 11:23:50    --------    d-----w-    C:\ProgramData\AomeiBR
2014-05-05 11:22:26    30648    ----a-w-    C:\Windows\System32\ambakdrv.sys
2014-05-05 11:22:26    17848    ----a-w-    C:\Windows\System32\amwrtdrv.sys
2014-05-05 11:22:26    151480    ----a-w-    C:\Windows\System32\ammntdrv.sys
2014-05-05 11:22:22    --------    d-----w-    C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0
2014-04-30 23:14:28    --------    d-----w-    C:\SUPERDelete
.
==================== Find3M  ====================
.
2014-05-29 12:48:48    16152    ----a-w-    C:\Windows\System32\drivers\SWDUMon.sys
2014-05-27 15:53:15    70832    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-27 15:53:15    692400    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-26 13:28:29    119512    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-18 13:30:44    196608    ----a-w-    C:\Windows\SysWow64\olylistenserver.dll
2014-04-14 16:34:10    1070232    ----a-w-    C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:22:05    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05    155072    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38    29184    ----a-w-    C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38    136192    ----a-w-    C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37    28160    ----a-w-    C:\Windows\System32\secur32.dll
2014-04-12 02:19:32    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05    31232    ----a-w-    C:\Windows\System32\lsass.exe
2014-04-12 02:12:06    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-04-07 12:13:17    367200    ----a-w-    C:\Windows\System32\drivers\afcdp.sys
2014-04-07 12:12:49    1462560    ----a-w-    C:\Windows\System32\drivers\tdrpman.sys
2014-04-02 22:51:16    63192    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-04-02 22:51:04    88280    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-02 22:50:58    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-03-31 11:41:40    58568    ----a-w-    C:\Windows\SysWow64\sirenacm.dll
2014-03-31 11:34:22    322248    ----a-w-    C:\Windows\WLXPGSS.SCR
2014-03-21 01:46:46    152848    ----a-w-    C:\Windows\SysWow64\comdlg32.ocx
2014-03-20 01:43:02    16344    ----a-w-    C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
2014-03-20 01:43:02    16344    ----a-w-    C:\Windows\System32\drivers\IntelMEFWVer.dll
2014-03-20 01:43:02    118272    ----a-w-    C:\Windows\System32\drivers\TeeDriverx64.sys
2014-03-11 20:07:42    4550656    ----a-w-    C:\Windows\SysWow64\GPhotos.scr
2014-03-10 22:52:30    133928    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-06 09:31:33    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41    5784064    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36    4254720    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15    2043904    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39    1967104    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40    2260480    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-06 05:41:49    1789440    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-03-04 09:47:01    5550016    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21    243712    ----a-w-    C:\Windows\System32\wow64.dll
2014-03-04 09:44:21    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20    39936    ----a-w-    C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:10    210944    ----a-w-    C:\Windows\System32\wdigest.dll
2014-03-04 09:44:08    86528    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-03-04 09:44:06    340992    ----a-w-    C:\Windows\System32\schannel.dll
2014-03-04 09:44:03    722944    ----a-w-    C:\Windows\System32\objsel.dll
2014-03-04 09:44:03    314880    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-03-04 09:44:03    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-03-04 09:44:00    424960    ----a-w-    C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56    57344    ----a-w-    C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56    52736    ----a-w-    C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56    44544    ----a-w-    C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:56    22016    ----a-w-    C:\Windows\System32\credssp.dll
2014-03-04 09:43:55    56832    ----a-w-    C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55    53760    ----a-w-    C:\Windows\System32\capiprovider.dll
2014-03-04 09:43:50    455168    ----a-w-    C:\Windows\System32\winlogon.exe
2014-03-04 09:20:11    3969984    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11    3914176    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2014-03-04 09:16:54    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2011-09-16 03:12:42    3623592    ----a-w-    C:\Program Files (x86)\Common Files\ApnToolbarInstaller.exe
2011-09-16 03:12:04    143240    ----a-w-    C:\Program Files (x86)\Common Files\ApnStub.exe
2009-02-23 21:57:34    5836800    ----a-w-    C:\Program Files (x86)\SurF.exe
.
============= FINISH: 23:21:11.81 ===============
 




 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:29 PM

Posted 29 May 2014 - 06:48 PM

Hello robaa,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

  • Download RogueKiller to the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open; give its content to your helper. (The RKreport can also be found next to the executable.)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 robaa

robaa
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:05:29 AM

Posted 30 May 2014 - 05:32 AM

1. AdwCleaner run. Log below. Somehow I have two txt files in the adw folder, so the 2nd txt file is added below.

2. RogueKiller log below.

Thanks for your help.

 

 

# AdwCleaner v3.211 - Report created 30/05/2014 at 19:54:57
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : USER - USER-PC
# Running from : C:\Users\USER\Desktop\AdwCleaner(1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\user.js
File Found : C:\USERs\USER\AppData\Roaming\Mozilla\Firefox\Profiles\ukk3s9v7.default\Extensions\staged\addon@defaulttab.com.xpi
File Found : C:\USERs\USER\AppData\Roaming\Mozilla\Firefox\Profiles\ukk3s9v7.default\user.js
File Found : C:\Windows\System32\SecureAssist64.dll
File Found : C:\Windows\System32\Tasks\driverupdate startup
File Found : C:\Windows\System32\Tasks\EPUpdater
File Found : C:\Windows\System32\Tasks\Express FilesUpdate
File Found : C:\Windows\System32\Tasks\LaunchApp
File Found : C:\Windows\System32\Tasks\QtraxPlayer
File Found : C:\Windows\Tasks\driverupdate startup.job
Folder Found : C:\Program Files (x86)\file scout
Folder Found : C:\Program Files (x86)\File Type Assistant
Folder Found : C:\Program Files (x86)\goforfiles
Folder Found : C:\Program Files (x86)\iMesh Applications
Folder Found : C:\Program Files (x86)\Movdap
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Found : C:\Program Files (x86)\MSR
Folder Found : C:\Program Files (x86)\Red Sky
Folder Found : C:\Program Files (x86)\w3i
Folder Found : C:\Program Files\003
Folder Found : C:\ProgramData\BitGuard
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\BrowserProtect
Folder Found : C:\ProgramData\Computer Updater
Folder Found : C:\ProgramData\IePluginServices
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\Uniblue
Folder Found : C:\ProgramData\Uniblue\DriverScanner
Folder Found : C:\ProgramData\w3i
Folder Found : C:\USERs\USER\AppData\Local\AVG Secure Search
Folder Found : C:\USERs\USER\AppData\Local\Conduit
Folder Found : C:\USERs\USER\AppData\Local\DownTango
Folder Found : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\amhlacfinnaffmhfohbpecabbjfhkdji
Folder Found : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn
Folder Found : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn
Folder Found : C:\USERs\USER\AppData\Local\MediaGet2
Folder Found : C:\USERs\USER\AppData\Local\OpenCandy
Folder Found : C:\USERs\USER\AppData\Local\PackageAware
Folder Found : C:\USERs\USER\AppData\Local\Zoom_Downloader
Folder Found : C:\USERs\USER\AppData\LocalLow\AVG Secure Search
Folder Found : C:\USERs\USER\AppData\LocalLow\imeshtoolbarguid
Folder Found : C:\USERs\USER\AppData\LocalLow\mixidj
Folder Found : C:\USERs\USER\AppData\Roaming\ExpressFiles
Folder Found : C:\USERs\USER\AppData\Roaming\goforfiles
Folder Found : C:\USERs\USER\AppData\Roaming\Mozilla\Firefox\Profiles\ukk3s9v7.default\ConduitCommon
Folder Found : C:\USERs\USER\AppData\Roaming\Mozilla\Firefox\Profiles\ukk3s9v7.default\CT2801948
Folder Found : C:\USERs\USER\AppData\Roaming\Mozilla\Firefox\Profiles\ukk3s9v7.default\Extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
Folder Found : C:\USERs\USER\AppData\Roaming\Mozilla\Firefox\Profiles\ukk3s9v7.default\Extensions\tabutils@ithinc.cn
Folder Found : C:\USERs\USER\AppData\Roaming\pccustubinstaller
Folder Found : C:\USERs\USER\AppData\Roaming\pdfforge
Folder Found : C:\USERs\USER\AppData\Roaming\PerformerSoft

***** [ Shortcuts ] *****

Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://istart.webssearches.com/?type=sc&ts=1400993735&from=amt&uid=WDCXWD10EALX-009BA0_WD-WCATR871267812678 )
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aa microsoft\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://istart.webssearches.com/?type=sc&ts=1400993735&from=amt&uid=WDCXWD10EALX-009BA0_WD-WCATR871267812678 )
Shortcut Found : C:\Users\USER\AppData\Roaming\Microsoft\Start Menu\Programs\Internet Explorer.lnk ( hxxp://istart.webssearches.com/?type=sc&ts=1400993735&from=amt&uid=WDCXWD10EALX-009BA0_WD-WCATR871267812678 )
Shortcut Found : C:\Users\USER\AppData\Roaming\Microsoft\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://istart.webssearches.com/?type=sc&ts=1400993735&from=amt&uid=WDCXWD10EALX-009BA0_WD-WCATR871267812678 )
Shortcut Found : C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://istart.webssearches.com/?type=sc&ts=1400993735&from=amt&uid=WDCXWD10EALX-009BA0_WD-WCATR871267812678 )
Shortcut Found : C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( hxxp://istart.webssearches.com/?type=sc&ts=1400993735&from=amt&uid=WDCXWD10EALX-009BA0_WD-WCATR871267812678 )
Shortcut Found : C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer (64-bit).lnk ( hxxp://istart.webssearches.com/?type=sc&ts=1400993735&from=amt&uid=WDCXWD10EALX-009BA0_WD-WCATR871267812678 )
Shortcut Found : C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk ( hxxp://istart.webssearches.com/?type=sc&ts=1400993735&from=amt&uid=WDCXWD10EALX-009BA0_WD-WCATR871267812678 )

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKCU\Software\ExpressFiles
Key Found : HKCU\Software\f2d68ce16ab810
Key Found : HKCU\Software\filescout
Key Found : HKCU\Software\GoforFiles
Key Found : HKCU\Software\Google\Chrome\Extensions\amhlacfinnaffmhfohbpecabbjfhkdji
Key Found : HKCU\Software\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn
Key Found : HKCU\Software\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn
Key Found : HKCU\Software\imeshtoolbarguid
Key Found : HKCU\Software\jZip
Key Found : HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\ExpressFiles
Key Found : [x64] HKCU\Software\filescout
Key Found : [x64] HKCU\Software\GoforFiles
Key Found : [x64] HKCU\Software\imeshtoolbarguid
Key Found : [x64] HKCU\Software\jZip
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\driverscanner
Key Found : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Found : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Key Found : HKLM\SOFTWARE\Classes\jZip.file
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Key Found : HKLM\Software\Computer Updater
Key Found : HKLM\Software\DownTango
Key Found : HKLM\Software\ExpressFiles
Key Found : HKLM\Software\GoforFiles
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\amhlacfinnaffmhfohbpecabbjfhkdji
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\Software\iMeshSRTB
Key Found : HKLM\Software\jZip
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\blekkoTb_1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\blekkoTb_1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_disk-space-fan_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_disk-space-fan_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_efficient-sticky-notes_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_efficient-sticky-notes_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_freebie-notes_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_freebie-notes_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_freecommander_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_freecommander_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_networx_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_networx_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pdf-xchange-viewer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pdf-xchange-viewer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPath\jZip.exe
Key Found : HKLM\Software\ParetoLogic
Key Found : HKLM\Software\Uniblue
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Found : [x64] HKLM\SOFTWARE\LevelQualityWatcher

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoEMon&co=AU&userid=4727f19d-5191-4daf-b8aa-45b78ddbd237&searchtype=ds&q={searchTerms}

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\USERs\USER\AppData\Roaming\Mozilla\Firefox\Profiles\cyhh5rq3.default-1401028741795\prefs.js ]


[ File : C:\USERs\USER\AppData\Roaming\Mozilla\Firefox\Profiles\ukk3s9v7.default\prefs.js ]

Line Found : user_pref("CT2801948..clientLogIsEnabled", true);user_pref("extensions.autoDisableScopes", 0);
Line Found : user_pref("CT2801948..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT2801948..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CT2801948.AppTrackingLastCheckTime", "Sun Aug 21 2011 10:54:53 GMT+1000 (AUS Eastern Standard Time)");
Line Found : user_pref("CT2801948.CTID", "ct2801948");
Line Found : user_pref("CT2801948.CurrentServerDate", "21-8-2011");
Line Found : user_pref("CT2801948.DialogsAlignMode", "LTR");
Line Found : user_pref("CT2801948.DialogsGetterLastCheckTime", "Sun Aug 21 2011 10:54:45 GMT+1000 (AUS Eastern Standard Time)");
Line Found : user_pref("CT2801948.DownloadReferralCookieData", "");
Line Found : user_pref("CT2801948.EMailNotifierPollDate", "Sun Aug 21 2011 10:54:41 GMT+1000 (AUS Eastern Standard Time)");
Line Found : user_pref("CT2801948.FirstServerDate", "21-8-2011");
Line Found : user_pref("CT2801948.FirstTime", true);
Line Found : user_pref("CT2801948.FirstTimeFF3", true);
Line Found : user_pref("CT2801948.FixPageNotFoundErrors", true);
Line Found : user_pref("CT2801948.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT2801948.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT2801948.HasUserGlobalKeys", true);
Line Found : user_pref("CT2801948.Initialize", true);
Line Found : user_pref("CT2801948.InitializeCommonPrefs", true);
Line Found : user_pref("CT2801948.InstallationAndCookieDataSentCount", 2);
Line Found : user_pref("CT2801948.InstallationId", "ConduitStubGeneric");
Line Found : user_pref("CT2801948.InstallationType", "ConduitStubIntegration");
Line Found : user_pref("CT2801948.InstalledDate", "Sun Aug 21 2011 10:54:41 GMT+1000 (AUS Eastern Standard Time)");
Line Found : user_pref("CT2801948.IsGrouping", false);
Line Found : user_pref("CT2801948.IsInitSetupIni", true);
Line Found : user_pref("CT2801948.IsMulticommunity", false);
Line Found : user_pref("CT2801948.IsOpenThankYouPage", false);
Line Found : user_pref("CT2801948.IsOpenUninstallPage", true);
Line Found : user_pref("CT2801948.LanguagePackLastCheckTime", "Sun Aug 21 2011 10:54:44 GMT+1000 (AUS Eastern Standard Time)");
Line Found : user_pref("CT2801948.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT2801948.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT2801948.LastLogin_3.6.0.10", "Sun Aug 21 2011 10:54:44 GMT+1000 (AUS Eastern Standard Time)");
Line Found : user_pref("CT2801948.LatestVersion", "3.6.0.10");
Line Found : user_pref("CT2801948.Locale", "en-us");
Line Found : user_pref("CT2801948.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT2801948.MCDetectTooltipShow", false);
Line Found : user_pref("CT2801948.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT2801948.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT2801948.MyStuffEnabledAtInstallation", true);
Line Found : user_pref("CT2801948.OriginalFirstVersion", "3.6.0.10");
Line Found : user_pref("CT2801948.RadioIsPodcast", false);
Line Found : user_pref("CT2801948.RadioMediaID", "21435220");
Line Found : user_pref("CT2801948.RadioMediaType", "Media Player");
Line Found : user_pref("CT2801948.RadioMenuSelectedID", "EBRadioMenu_CT280194821435220");
Line Found : user_pref("CT2801948.RadioShrinked", "shrinked");
Line Found : user_pref("CT2801948.RadioShrinkedFromSetup", true);
Line Found : user_pref("CT2801948.RadioStationName", "Virgin%20Radio%20Classic%20Rock");
Line Found : user_pref("CT2801948.RadioStationURL", "hxxp://www.smgradio.com/core/audio/wmp/live.asx?service=vcbb");
Line Found : user_pref("CT2801948.SHRINK_TOOLBAR", 0);
Line Found : user_pref("CT2801948.SearchBoxWidth", 269);
Line Found : user_pref("CT2801948.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT2801948.SearchInNewTabEnabled", true);
Line Found : user_pref("CT2801948.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT2801948.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2801948.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2801948.SearchProtectorToolbarDisabled", true);
Line Found : user_pref("CT2801948.ServiceMapLastCheckTime", "Sun Aug 21 2011 10:54:36 GMT+1000 (AUS Eastern Standard Time)");
Line Found : user_pref("CT2801948.SettingsLastCheckTime", "Sun Aug 21 2011 10:54:38 GMT+1000 (AUS Eastern Standard Time)");
Line Found : user_pref("CT2801948.SettingsLastUpdate", "1312887586");
Line Found : user_pref("CT2801948.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT2801948.ThirdPartyComponentsLastCheck", "Sun Aug 21 2011 10:54:36 GMT+1000 (AUS Eastern Standard Time)");
Line Found : user_pref("CT2801948.ThirdPartyComponentsLastUpdate", "1246786978");
Line Found : user_pref("CT2801948.ToolbarDisabled", true);
Line Found : user_pref("CT2801948.ToolbarShrinkedFromSetup", true);
Line Found : user_pref("CT2801948.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2801948");
Line Found : user_pref("CT2801948.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Found : user_pref("CT2801948.UserID", "UN74745140773225256");
Line Found : user_pref("CT2801948.ValidationData_Toolbar", 2);
Line Found : user_pref("CT2801948.alertChannelId", "1194029");
Line Found : user_pref("CT2801948.approveUntrustedApps", false);
Line Found : user_pref("CT2801948.components.1000034", false);
Line Found : user_pref("CT2801948.components.1000080", false);
Line Found : user_pref("CT2801948.ct2801948.AppTrackingLastCheckTime", "Sun Aug 21 2011 10:54:53 GMT+1000 (AUS Eastern Standard Time)");
Line Found : user_pref("CT2801948.ct2801948.DialogsAlignMode", "LTR");
Line Found : user_pref("CT2801948.ct2801948.InvalidateCache", false);
Line Found : user_pref("CT2801948.ct2801948.LanguagePackLastCheckTime", "Sun Aug 21 2011 10:54:45 GMT+1000 (AUS Eastern Standard Time)");
Line Found : user_pref("CT2801948.ct2801948.Locale", "en-us");
Line Found : user_pref("CT2801948.ct2801948.RadioLastCheckTime", "Sun Aug 21 2011 10:54:45 GMT+1000 (AUS Eastern Standard Time)");
Line Found : user_pref("CT2801948.ct2801948.RadioLastUpdateIPServer", "3");
Line Found : user_pref("CT2801948.ct2801948.RadioLastUpdateServer", "129307496595170000");
Line Found : user_pref("CT2801948.ct2801948.SearchInNewTabLastCheckTime", "Sun Aug 21 2011 10:54:44 GMT+1000 (AUS Eastern Standard Time)");
Line Found : user_pref("CT2801948.ct2801948.SettingsLastCheckTime", "Sun Aug 21 2011 10:54:42 GMT+1000 (AUS Eastern Standard Time)");
Line Found : user_pref("CT2801948.ct2801948.SettingsLastUpdate", "1312887586");
Line Found : user_pref("CT2801948.ct2801948.ThirdPartyComponentsLastCheck", "Sun Aug 21 2011 10:54:42 GMT+1000 (AUS Eastern Standard Time)");
Line Found : user_pref("CT2801948.ct2801948.ThirdPartyComponentsLastUpdate", "1246786978");
Line Found : user_pref("CT2801948.ct2801948.components.1003", true);
Line Found : user_pref("CT2801948.ct2801948.components.129306881624250628", false);
Line Found : user_pref("CT2801948.ct2801948.components.129306881624563129", false);
Line Found : user_pref("CT2801948.ct2801948.components.129306881632844577", false);
Line Found : user_pref("CT2801948.ct2801948.components.129311958650656383", false);
Line Found : user_pref("CT2801948.ct2801948.components.129311959839444431", false);
Line Found : user_pref("CT2801948.ct2801948.components.129343840936544328", false);
Line Found : user_pref("CT2801948.ct2801948.globalFirstTimeInfoLastCheckTime", "Sun Aug 21 2011 10:54:44 GMT+1000 (AUS Eastern Standard Time)");
Line Found : user_pref("CT2801948.ct2801948.toolbarAppMetaDataLastCheckTime", "Sun Aug 21 2011 10:54:44 GMT+1000 (AUS Eastern Standard Time)");
Line Found : user_pref("CT2801948.ct2801948.toolbarContextMenuLastCheckTime", "Sun Aug 21 2011 10:54:45 GMT+1000 (AUS Eastern Standard Time)");
Line Found : user_pref("CT2801948.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Found : user_pref("CT2801948.globalFirstTimeInfoLastCheckTime", "Sun Aug 21 2011 10:54:42 GMT+1000 (AUS Eastern Standard Time)");
Line Found : user_pref("CT2801948.homepageProtectorEnableByLogin", true);
Line Found : user_pref("CT2801948.initDone", true);
Line Found : user_pref("CT2801948.isAppTrackingManagerOn", true);
Line Found : user_pref("CT2801948.isFirstRadioInstallation", false);
Line Found : user_pref("CT2801948.myStuffEnabled", true);
Line Found : user_pref("CT2801948.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT2801948.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT2801948.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT2801948.searchProtectorDialogDelayInSec", 10);
Line Found : user_pref("CT2801948.searchProtectorEnableByLogin", true);
Line Found : user_pref("CT2801948.testingCtid", "");
Line Found : user_pref("CT2801948.toolbarAppMetaDataLastCheckTime", "Sun Aug 21 2011 10:54:42 GMT+1000 (AUS Eastern Standard Time)");
Line Found : user_pref("CT2801948.toolbarContextMenuLastCheckTime", "Sun Aug 21 2011 10:54:44 GMT+1000 (AUS Eastern Standard Time)");
Line Found : user_pref("CT2801948.usagesFlag", 2);
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2801948", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2801948", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us", "wVmmvqqOMqrv5xct1cJIHg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us", "0uSPYx+Kl2jpu8sJZMeHjw==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us", "Dclc8oo4TTv7+mAkSlUSWg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us", "K4Vqu91uAzWURlxJRdXJOg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:10d4\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"80ee9485875dcc1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2801948", "\"634485749189530000\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2801948&octid=CT2801948", "\"1312887586\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2801948&octid=CT2801948", "\"1312887586\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "\"802b1fef4e19c81:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/maxi.gif", "\"802b1fef4e19c81:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif", "\"802b1fef4e19c81:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "\"802b1fef4e19c81:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play_mini.gif", "\"802b1fef4e19c81:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "\"802b1fef4e19c81:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\"802b1fef4e19c81:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"634492029952000000\"");
Line Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Rob\\Application Data\\Mozilla\\Firefox\\Profiles\\ukk3s9v7.default\\conduitCommon\\modules\\3.6.0.10");
Line Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=867034&p=");
Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT2801948");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2801948");
Line Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2801948");
Line Found : user_pref("CommunityToolbar.globalUserId", "d8bfaf9f-aa01-4307-8dca-00444f7f4b40");
Line Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Aug 21 2011 10:54:43 GMT+1000 (AUS Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.locale", "en");
Line Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Aug 21 2011 10:54:38 GMT+1000 (AUS Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.notifications.userId", "0cad5329-1d50-45d7-9a9d-e10bbd11e171");
Line Found : user_pref("browser.search.defaultthis.engineName", "Elf 1.13 Customized Web Search");
Line Found : user_pref("browser.search.selectedEngine", "Elf 1.13 Customized Web Search");
Line Found : user_pref("extensions.boomtango.cleanuptime", 1873849371);
Line Found : user_pref("extensions.boomtango.dbversion", 1);
Line Found : user_pref("extensions.boomtango.firsttime", false);
Line Found : user_pref("extensions.boomtango.lastshutdown", 1873849370);
Line Found : user_pref("extensions.inboxcomtoolbar@inbox.com.update.url", "hxxp://toolbar.inbox.com/toolbar/firefox/update.aspx?version=%ITEM_VERSION%&status=%ITEM_STATUS%&appVersion=%APP_VERSION%&appOS=%APP_OS%&a[...]

-\\ Google Chrome v

[ File : C:\Users\eliya\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://isearch.avg.com/search?cid={DEA8D703-D9E7-4737-9630-6553684AD4C7}&mid=e358193ca55d47d0a6c581ac0fb46f74-0f8b3de0654d68609e194d87510a6b51ff1b2353&lang=&ds=&pr=&d=&v=13.2.0.5&sap=dsp&q={searchTerms}
Found [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=AU&ver=20&locale=en_AU&gct=sb&qsrc=2869
Found [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Found [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Found [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Found [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Found [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Found [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

[ File : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Extension] : gclijllifhfpomppedeljakfegbcpojn

*************************

AdwCleaner[R0].txt - [34340 octets] - [25/05/2014 23:33:52]
AdwCleaner[R1].txt - [29665 octets] - [30/05/2014 19:54:57]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [29726 octets] ##########
 

------------------------------------------------------------------------------------------------------------------------------------------------

 

# AdwCleaner v3.211 - Report created 30/05/2014 at 20:00:00
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : USER - USER-PC
# Running from : C:\Users\USER\Desktop\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\Computer Updater
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Uniblue
Folder Deleted : C:\ProgramData\w3i
Folder Deleted : C:\Program Files (x86)\file scout
Folder Deleted : C:\Program Files (x86)\File Type Assistant
Folder Deleted : C:\Program Files (x86)\goforfiles
Folder Deleted : C:\Program Files (x86)\iMesh Applications
Folder Deleted : C:\Program Files (x86)\Movdap
Folder Deleted : C:\Program Files (x86)\MSR
Folder Deleted : C:\Program Files (x86)\Red Sky
Folder Deleted : C:\Program Files (x86)\w3i
Folder Deleted : C:\Program Files\003
Folder Deleted : C:\USERs\USER\AppData\Local\AVG Secure Search
Folder Deleted : C:\USERs\USER\AppData\Local\Conduit
Folder Deleted : C:\USERs\USER\AppData\Local\DownTango
Folder Deleted : C:\USERs\USER\AppData\Local\MediaGet2
Folder Deleted : C:\USERs\USER\AppData\Local\OpenCandy
Folder Deleted : C:\USERs\USER\AppData\Local\PackageAware
Folder Deleted : C:\USERs\USER\AppData\Local\Zoom_Downloader
Folder Deleted : C:\USERs\USER\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\USERs\USER\AppData\LocalLow\imeshtoolbarguid
Folder Deleted : C:\USERs\USER\AppData\LocalLow\mixidj
Folder Deleted : C:\USERs\USER\AppData\Roaming\ExpressFiles
Folder Deleted : C:\USERs\USER\AppData\Roaming\goforfiles
Folder Deleted : C:\USERs\USER\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\USERs\USER\AppData\Roaming\pdfforge
Folder Deleted : C:\USERs\USER\AppData\Roaming\PerformerSoft
Folder Deleted : C:\USERs\USER\AppData\Roaming\Mozilla\Firefox\Profiles\ukk3s9v7.default\ConduitCommon
Folder Deleted : C:\USERs\USER\AppData\Roaming\Mozilla\Firefox\Profiles\ukk3s9v7.default\CT2801948
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\USERs\USER\AppData\Roaming\Mozilla\Firefox\Profiles\ukk3s9v7.default\Extensions\tabutils@ithinc.cn
Folder Deleted : C:\USERs\USER\AppData\Roaming\Mozilla\Firefox\Profiles\ukk3s9v7.default\Extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
Folder Deleted : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\amhlacfinnaffmhfohbpecabbjfhkdji
Folder Deleted : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn
[!] Folder Deleted : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn
File Deleted : C:\USERs\USER\AppData\Roaming\Mozilla\Firefox\Profiles\ukk3s9v7.default\Extensions\staged\addon@defaulttab.com.xpi
File Deleted : C:\Windows\System32\SecureAssist64.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
File Deleted : C:\USERs\USER\AppData\Roaming\Mozilla\Firefox\Profiles\ukk3s9v7.default\user.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
File Deleted : C:\Windows\Tasks\driverupdate startup.job
File Deleted : C:\Windows\System32\Tasks\driverupdate startup
File Deleted : C:\Windows\System32\Tasks\EPUpdater
File Deleted : C:\Windows\System32\Tasks\Express FilesUpdate
File Deleted : C:\Windows\System32\Tasks\LaunchApp
File Deleted : C:\Windows\System32\Tasks\QtraxPlayer

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aa microsoft\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\USER\AppData\Roaming\Microsoft\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\USER\AppData\Roaming\Microsoft\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer (64-bit).lnk
Shortcut Disinfected : C:\Users\USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Google\Chrome\Extensions\amhlacfinnaffmhfohbpecabbjfhkdji
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\amhlacfinnaffmhfohbpecabbjfhkdji
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\jZip.file
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekkoTb_1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekkoTb_1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPath\jZip.exe
Key Deleted : HKCU\Software\f2d68ce16ab810
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_disk-space-fan_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_disk-space-fan_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_efficient-sticky-notes_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_efficient-sticky-notes_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_freebie-notes_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_freebie-notes_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_freecommander_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_freecommander_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_networx_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_networx_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pdf-xchange-viewer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pdf-xchange-viewer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\imeshtoolbarguid
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\Computer Updater
Key Deleted : HKLM\Software\DownTango
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\GoforFiles
Key Deleted : HKLM\Software\iMeshSRTB
Key Deleted : HKLM\Software\jZip
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\Uniblue
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\USERs\USER\AppData\Roaming\Mozilla\Firefox\Profiles\cyhh5rq3.default-1401028741795\prefs.js ]


[ File : C:\USERs\USER\AppData\Roaming\Mozilla\Firefox\Profiles\ukk3s9v7.default\prefs.js ]

Line Deleted : user_pref("CT2801948..clientLogIsEnabled", true);user_pref("extensions.autoDisableScopes", 0);
Line Deleted : user_pref("CT2801948..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2801948..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2801948.AppTrackingLastCheckTime", "Sun Aug 21 2011 10:54:53 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2801948.CTID", "ct2801948");
Line Deleted : user_pref("CT2801948.CurrentServerDate", "21-8-2011");
Line Deleted : user_pref("CT2801948.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2801948.DialogsGetterLastCheckTime", "Sun Aug 21 2011 10:54:45 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2801948.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2801948.EMailNotifierPollDate", "Sun Aug 21 2011 10:54:41 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2801948.FirstServerDate", "21-8-2011");
Line Deleted : user_pref("CT2801948.FirstTime", true);
Line Deleted : user_pref("CT2801948.FirstTimeFF3", true);
Line Deleted : user_pref("CT2801948.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2801948.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2801948.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2801948.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2801948.Initialize", true);
Line Deleted : user_pref("CT2801948.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2801948.InstallationAndCookieDataSentCount", 2);
Line Deleted : user_pref("CT2801948.InstallationId", "ConduitStubGeneric");
Line Deleted : user_pref("CT2801948.InstallationType", "ConduitStubIntegration");
Line Deleted : user_pref("CT2801948.InstalledDate", "Sun Aug 21 2011 10:54:41 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2801948.IsGrouping", false);
Line Deleted : user_pref("CT2801948.IsInitSetupIni", true);
Line Deleted : user_pref("CT2801948.IsMulticommunity", false);
Line Deleted : user_pref("CT2801948.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT2801948.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2801948.LanguagePackLastCheckTime", "Sun Aug 21 2011 10:54:44 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2801948.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2801948.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2801948.LastLogin_3.6.0.10", "Sun Aug 21 2011 10:54:44 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2801948.LatestVersion", "3.6.0.10");
Line Deleted : user_pref("CT2801948.Locale", "en-us");
Line Deleted : user_pref("CT2801948.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2801948.MCDetectTooltipShow", false);
Line Deleted : user_pref("CT2801948.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2801948.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2801948.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT2801948.OriginalFirstVersion", "3.6.0.10");
Line Deleted : user_pref("CT2801948.RadioIsPodcast", false);
Line Deleted : user_pref("CT2801948.RadioMediaID", "21435220");
Line Deleted : user_pref("CT2801948.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT2801948.RadioMenuSelectedID", "EBRadioMenu_CT280194821435220");
Line Deleted : user_pref("CT2801948.RadioShrinked", "shrinked");
Line Deleted : user_pref("CT2801948.RadioShrinkedFromSetup", true);
Line Deleted : user_pref("CT2801948.RadioStationName", "Virgin%20Radio%20Classic%20Rock");
Line Deleted : user_pref("CT2801948.RadioStationURL", "hxxp://www.smgradio.com/core/audio/wmp/live.asx?service=vcbb");
Line Deleted : user_pref("CT2801948.SHRINK_TOOLBAR", 0);
Line Deleted : user_pref("CT2801948.SearchBoxWidth", 269);
Line Deleted : user_pref("CT2801948.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2801948.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2801948.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2801948.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2801948.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2801948.SearchProtectorToolbarDisabled", true);
Line Deleted : user_pref("CT2801948.ServiceMapLastCheckTime", "Sun Aug 21 2011 10:54:36 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2801948.SettingsLastCheckTime", "Sun Aug 21 2011 10:54:38 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2801948.SettingsLastUpdate", "1312887586");
Line Deleted : user_pref("CT2801948.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2801948.ThirdPartyComponentsLastCheck", "Sun Aug 21 2011 10:54:36 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2801948.ThirdPartyComponentsLastUpdate", "1246786978");
Line Deleted : user_pref("CT2801948.ToolbarDisabled", true);
Line Deleted : user_pref("CT2801948.ToolbarShrinkedFromSetup", true);
Line Deleted : user_pref("CT2801948.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2801948");
Line Deleted : user_pref("CT2801948.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT2801948.UserID", "UN74745140773225256");
Line Deleted : user_pref("CT2801948.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2801948.alertChannelId", "1194029");
Line Deleted : user_pref("CT2801948.approveUntrustedApps", false);
Line Deleted : user_pref("CT2801948.components.1000034", false);
Line Deleted : user_pref("CT2801948.components.1000080", false);
Line Deleted : user_pref("CT2801948.ct2801948.AppTrackingLastCheckTime", "Sun Aug 21 2011 10:54:53 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2801948.ct2801948.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2801948.ct2801948.InvalidateCache", false);
Line Deleted : user_pref("CT2801948.ct2801948.LanguagePackLastCheckTime", "Sun Aug 21 2011 10:54:45 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2801948.ct2801948.Locale", "en-us");
Line Deleted : user_pref("CT2801948.ct2801948.RadioLastCheckTime", "Sun Aug 21 2011 10:54:45 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2801948.ct2801948.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT2801948.ct2801948.RadioLastUpdateServer", "129307496595170000");
Line Deleted : user_pref("CT2801948.ct2801948.SearchInNewTabLastCheckTime", "Sun Aug 21 2011 10:54:44 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2801948.ct2801948.SettingsLastCheckTime", "Sun Aug 21 2011 10:54:42 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2801948.ct2801948.SettingsLastUpdate", "1312887586");
Line Deleted : user_pref("CT2801948.ct2801948.ThirdPartyComponentsLastCheck", "Sun Aug 21 2011 10:54:42 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2801948.ct2801948.ThirdPartyComponentsLastUpdate", "1246786978");
Line Deleted : user_pref("CT2801948.ct2801948.components.1003", true);
Line Deleted : user_pref("CT2801948.ct2801948.components.129306881624250628", false);
Line Deleted : user_pref("CT2801948.ct2801948.components.129306881624563129", false);
Line Deleted : user_pref("CT2801948.ct2801948.components.129306881632844577", false);
Line Deleted : user_pref("CT2801948.ct2801948.components.129311958650656383", false);
Line Deleted : user_pref("CT2801948.ct2801948.components.129311959839444431", false);
Line Deleted : user_pref("CT2801948.ct2801948.components.129343840936544328", false);
Line Deleted : user_pref("CT2801948.ct2801948.globalFirstTimeInfoLastCheckTime", "Sun Aug 21 2011 10:54:44 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2801948.ct2801948.toolbarAppMetaDataLastCheckTime", "Sun Aug 21 2011 10:54:44 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2801948.ct2801948.toolbarContextMenuLastCheckTime", "Sun Aug 21 2011 10:54:45 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2801948.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT2801948.globalFirstTimeInfoLastCheckTime", "Sun Aug 21 2011 10:54:42 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2801948.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2801948.initDone", true);
Line Deleted : user_pref("CT2801948.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT2801948.isFirstRadioInstallation", false);
Line Deleted : user_pref("CT2801948.myStuffEnabled", true);
Line Deleted : user_pref("CT2801948.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2801948.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2801948.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2801948.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2801948.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2801948.testingCtid", "");
Line Deleted : user_pref("CT2801948.toolbarAppMetaDataLastCheckTime", "Sun Aug 21 2011 10:54:42 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2801948.toolbarContextMenuLastCheckTime", "Sun Aug 21 2011 10:54:44 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT2801948.usagesFlag", 2);
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2801948", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2801948", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us", "wVmmvqqOMqrv5xct1cJIHg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us", "0uSPYx+Kl2jpu8sJZMeHjw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us", "Dclc8oo4TTv7+mAkSlUSWg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us", "K4Vqu91uAzWURlxJRdXJOg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:10d4\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"80ee9485875dcc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2801948", "\"634485749189530000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2801948&octid=CT2801948", "\"1312887586\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2801948&octid=CT2801948", "\"1312887586\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "\"802b1fef4e19c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/maxi.gif", "\"802b1fef4e19c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif", "\"802b1fef4e19c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "\"802b1fef4e19c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play_mini.gif", "\"802b1fef4e19c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "\"802b1fef4e19c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\"802b1fef4e19c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"634492029952000000\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Rob\\Application Data\\Mozilla\\Firefox\\Profiles\\ukk3s9v7.default\\conduitCommon\\modules\\3.6.0.10");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=867034&p=");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2801948");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2801948");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2801948");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "d8bfaf9f-aa01-4307-8dca-00444f7f4b40");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Aug 21 2011 10:54:43 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Aug 21 2011 10:54:38 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "0cad5329-1d50-45d7-9a9d-e10bbd11e171");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Elf 1.13 Customized Web Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Elf 1.13 Customized Web Search");
Line Deleted : user_pref("extensions.boomtango.cleanuptime", 1873849371);
Line Deleted : user_pref("extensions.boomtango.dbversion", 1);
Line Deleted : user_pref("extensions.boomtango.firsttime", false);
Line Deleted : user_pref("extensions.boomtango.lastshutdown", 1873849370);
Line Deleted : user_pref("extensions.inboxcomtoolbar@inbox.com.update.url", "hxxp://toolbar.inbox.com/toolbar/firefox/update.aspx?version=%ITEM_VERSION%&status=%ITEM_STATUS%&appVersion=%APP_VERSION%&appOS=%APP_OS%&a[...]

-\\ Google Chrome v

[ File : C:\Users\eliya\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={DEA8D703-D9E7-4737-9630-6553684AD4C7}&mid=e358193ca55d47d0a6c581ac0fb46f74-0f8b3de0654d68609e194d87510a6b51ff1b2353&lang=&ds=&pr=&d=&v=13.2.0.5&sap=dsp&q={searchTerms}
Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=AU&ver=20&locale=en_AU&gct=sb&qsrc=2869
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

[ File : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : gclijllifhfpomppedeljakfegbcpojn

*************************

AdwCleaner[R0].txt - [34340 octets] - [25/05/2014 23:33:52]
AdwCleaner[R1].txt - [29847 octets] - [30/05/2014 19:54:57]
AdwCleaner[S0].txt - [28911 octets] - [30/05/2014 20:00:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [28972 octets] ##########
 

--------------------------------------------------------------------------------

RogueKiller V9.0.0.0 (x64) [May 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : USER [Admin rights]
Mode : Remove -- Date : 05/30/2014  20:25:45

¤¤¤ Bad processes : 2 ¤¤¤
[Suspicious.Path] (SVC) Agent -- C:\Windows\agent_x64.exe[-] -> STOPPED
[Suspicious.Path] (SVC) gdrv -- \??\C:\Windows\gdrv.sys[7] -> STOPPED

¤¤¤ Registry Entries : 34 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Agent -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gdrv -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_0DD6\ControlSet001\Services\BHDrvx86 -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_0DD6\ControlSet001\Services\IDSxpx86 -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_0DD6\ControlSet001\Services\NAVENG -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_0DD6\ControlSet001\Services\NAVEX15 -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Agent -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gdrv -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Agent -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gdrv -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_0DD6\ControlSet003\Services\BHDrvx86 -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_0DD6\ControlSet003\Services\IDSxpx86 -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_0DD6\ControlSet003\Services\NAVENG -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_0DD6\ControlSet003\Services\NAVEX15 -> NOT SELECTED
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> NOT SELECTED
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> NOT SELECTED
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> NOT SELECTED
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Desktop] (X64) HKEY_USERS\RK_Rob_ON_E_DE9F\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> NOT SELECTED
[PUM.Desktop] (X86) HKEY_USERS\RK_Rob_ON_E_DE9F\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> NOT SELECTED
[PUM.StartMenu] (X64) HKEY_USERS\RK_Rob_ON_E_DE9F\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2  -> NOT SELECTED
[PUM.StartMenu] (X86) HKEY_USERS\RK_Rob_ON_E_DE9F\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2  -> NOT SELECTED
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1796457039-3476434587-2440364337-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> NOT SELECTED
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1796457039-3476434587-2440364337-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> NOT SELECTED
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1796457039-3476434587-2440364337-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 2  -> NOT SELECTED
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1796457039-3476434587-2440364337-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> NOT SELECTED
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1796457039-3476434587-2440364337-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> NOT SELECTED
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1796457039-3476434587-2440364337-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 2  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_E651\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_E651\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 6 ¤¤¤
[EAT:Addr] (explorer.exe) wercplsupport.dll - DllCanUnloadNow : C:\Windows\system32\wpdshserviceobj.dll @ 0x7feef4c3d60
[EAT:Addr] (explorer.exe) wercplsupport.dll - DllGetClassObject : C:\Windows\system32\wpdshserviceobj.dll @ 0x7feef4c1a74
[EAT:Addr] (explorer.exe) wercplsupport.dll - DllRegisterServer : C:\Windows\system32\wpdshserviceobj.dll @ 0x7feef4c6070
[EAT:Addr] (explorer.exe) wercplsupport.dll - DllUnregisterServer : C:\Windows\system32\wpdshserviceobj.dll @ 0x7feef4c6278
[EAT:Addr] (explorer.exe) hcproviders.dll - DllCanUnloadNow : C:\Windows\System32\AltTab.dll @ 0x7fefb3720d8
[EAT:Addr] (explorer.exe) hcproviders.dll - DllGetClassObject : C:\Windows\System32\AltTab.dll @ 0x7fefb3720ec

¤¤¤ Web browsers : 1 ¤¤¤
[PUP][FIREFX:Addon] cyhh5rq3.default-1401028741795 : Favorite to OneNote [{FF201206-31F0-43FD-98C7-0E142411C415}] -> NOT SELECTED

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EALX-009BA0 ATA Device +++++
--- User ---
[MBR] 672b7ed4d496ffebf4f3842e45deb731
[BSP] 31ff4032e38495e762c2eff8fcdae875 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 843767 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1728241664 | Size: 109999 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG HD161HJ              41R0186LEN ATA Device +++++
--- User ---
[MBR] f5722b00e7e86639a4978bd38331fe15
[BSP] b1a67e6647cced0cc47effb09707b675 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Multi Flash Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
--- LL1 ---
[MBR] NOT VALID
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Multi Flash Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
--- LL1 ---
[MBR] NOT VALID
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: HP Officejet Pro 85 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
--- LL1 ---
[MBR] NOT VALID
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_05302014_202149.log



#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:29 PM

Posted 30 May 2014 - 05:51 PM

1. Download and run Junkware Removal Tool. ***Your antivirus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient, as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply.

2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 robaa


Posted 31 May 2014 - 02:31 AM

Downloaded Junkware Removal Tool. Run as administrator.

Then error message: 'error during execution, ""%temp%\jrt\get.bat"" The system cannot find the file specified.'



#6 fireman4it


Posted 31 May 2014 - 02:57 PM

Forget the Junkware removal tool and go to step 2


#7 robaa


Posted 01 June 2014 - 02:19 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2014
Ran by USER at 2014-06-01 11:54:31
Running from C:\Users\USER\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

7 Sticky Notes (HKLM-x32\...\{2DB7DD8E-F17B-408A-B93B-92867EF7974D}_is1) (Version:  - Fabio Martin)
7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Advanced Uninstaller Free - Version 10 (HKLM-x32\...\AU10F_is1) (Version: 10 - Innovative Solutions)
AllMyNotes Organizer (HKLM-x32\...\AllMyNotes Organizer) (Version: 2.78 - Vladonai Software)
Anchor To OneNote v6.6.1.40 (HKLM-x32\...\{B31C648A-9E17-4739-90D1-D64E4746BE02}_is1) (Version: 6.6.1.40 - OneNoteGem)
Anti-Twin (Installation 11/01/2013) (HKLM-x32\...\Anti-Twin 2013-01-11 19.14.57) (Version:  - Joerg Rosenthal, Germany)
AOMEI Backupper Standard Edition 2.0 (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Auslogics File Recovery (HKLM-x32\...\{D8F33108-139F-409A-A160-B9510DE736B3}_is1) (Version: 4.4.2.0 - Auslogics Labs Pty Ltd)
AutoMetadata (HKCU\...\c934834aea0c0bc3) (Version: 1.0.0.8 - EverMap)
Bring To OneNote 2010 v9.2.0.65 (HKLM-x32\...\{D0ED4BE1-6685-4F83-B7CF-2CD42D6ED7F7}_is1) (Version: 9.2.0.65 - James.Linton)
Bullzip PDF Printer 9.9.0.1621 (HKLM\...\Bullzip PDF Printer_is1) (Version: 9.9.0.1621 - Bullzip)
Canvas for Microsoft® OneNote® 2007 (HKLM-x32\...\{630251F6-D575-4FCC-94B8-ABCEFB77A15F}) (Version: 1.1.2324.0 - Microsoft Office Labs)
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.2 build 3820  (Jan-31-2014) - Carbonite)
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.0.30 - Citrix Systems, Inc.)
Citrix online plug-in (DV) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HDX) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (USB) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (Web) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Clip to OneNote version 5.0 (HKLM-x32\...\{FD0201E3-DF5C-48BF-AC7F-CEFA9DCF26ED}_is1) (Version: 5.0 - eTrent Soft)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copernic Desktop Search - Home (HKLM-x32\...\CopernicDesktopSearch2) (Version:  - Copernic Inc.)
CryptoPrevent v4.3.0 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-00A1-0000-0000-0000000FF1CE}_Office14.ONENOTER_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
Delete Duplicate Files 5.5 (HKLM\...\Delete Duplicate Files [64-Bit Edition]_is1) (Version:  - Brana Bujenovic)
Docear (HKLM\...\Docear) (Version: 1.0.3.1_stable_build221 - Docear)
Docear4Word (HKLM-x32\...\{3FE5D87D-E8C1-40BF-BE11-4C4228CD0C49}) (Version: 1.3.0 - Docear)
Dragon NaturallySpeaking 11 (HKLM-x32\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.50.100 - Nuance Communications Inc.)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.44.000 - Runtime Software)
DriverUpdate (HKLM-x32\...\{C67F5282-3EB4-4FE2-A5C7-ABEE4BE42F6D}) (Version: 2.2.30452 - SlimWare Utilities, Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Duplicate Cleaner 2.1b (HKLM-x32\...\Duplicate Cleaner) (Version: 2.1b - DigitalVolcano)
EaseUS Data Recovery Wizard 7.0 (HKLM-x32\...\EaseUS Data Recovery Wizard 7.0_is1) (Version:  - EaseUS)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
Evernote v. 5.1.2 (HKLM-x32\...\{12FB6296-8840-11E3-86D7-00163E98E7D0}) (Version: 5.1.2.2387 - Evernote Corp.)
Fast Duplicate File Finder 3.5.0.1 (HKLM-x32\...\{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1) (Version: 3.5.0.1 - MindGems, Inc.)
Favorite to OneNote v5.3.0.21 (HKLM-x32\...\{BB93FD26-B8C0-42C9-A479-FB3BFDBE1C7B}_is1) (Version: 5.3.0.21 - OneNoteGem)
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version:  - Trusted Software) <==== ATTENTION
FileCenter 8.0.0.23 (HKLM-x32\...\{8BC914BF-F80D-47D9-BD1E-809EB6A7C23C}_is1) (Version: 8.0.0.23 - Lucion Technologies, LLC)
FileOpen Client (x64) (HKLM\...\{8D8B35B1-4F80-412C-8F96-0BEE6AF1C57D}) (Version: 3.0.73.917 - FileOpen Systems, Inc.)
Firefox_Linked_Notes (HKLM\...\{CF950FBD-2E9A-4076-9BEA-4C9958042F1C}) (Version: 1.0.0.0 - Firefox_Linked_Notes)
Free PDF Metadata Editor (remove only) (HKLM\...\Free PDF Metadata Editor) (Version:  - )
FreeCommander 2009.02a (HKLM-x32\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.0 - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Desktop (HKLM-x32\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Drive (HKLM-x32\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.25.133 - Google, Inc.)
GoToMyPC (HKLM\...\{260BCAC0-8BF7-40E2-92C1-7B106FD1116B}) (Version: 8.1.1337 - Citrix Online)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
HP IDF Software (HKLM-x32\...\{974025B1-769B-49E9-817C-C638ABE8F372}) (Version: 11.15.1000 - Hewlett-Packard Company)
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{13BE337F-9557-416D-A696-F91A6807B170}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8500 A910 Product Improvement Study (HKLM\...\{24E45339-C750-4EAE-8241-BA25A7DABBDD}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB7A}) (Version: 1.0.16.0 - Hewlett Packard)
HTML Help Workshop (HKLM-x32\...\HTML Help Workshop) (Version:  - )
Image Converter (HKLM-x32\...\Image Converter Image Converter) (Version: 1.0.0 - Image Converter)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Management Engine Components (Version: 10.0.0.1204 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.35.127.1 - Intel Corporation) Hidden
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 25 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kingsoft Office 2013 (9.1.0.4058) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.4058 - Kingsoft Corp.)
K-Lite Codec Pack 8.2.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.2.0 - )
Licensing Service Install (HKLM-x32\...\{343DBCC6-511C-46C7-B0B7-DD86F60843E5}) (Version: 2.0.0.125 - Protexis Inc.)
M8 Free Clipboard (HKLM-x32\...\M8 Free Clipboard) (Version:  - )
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Max Uninstaller version 2.1 (HKLM-x32\...\{C7022C9B-4DE0-4A57-B395-ED3BFDB78D73}_is1) (Version: 2.1 - http://www.maxuninstaller.com/)
MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft OneNote 2010 (HKLM-x32\...\Office14.ONENOTER) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MiniTool Power Data Recovery (HKLM-x32\...\MiniTool Power Data Recovery_is1) (Version:  - MiniTool Solution Ltd.)
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: 6.12.25.06 - Motorola Inc)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Moyea PPT to PDF Converter version 1.2.0.8 (HKLM-x32\...\{3B0A62A4-FA3A-4112-A20E-0CC27D7B0B3D}_is1) (Version:  - Moyea Software)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 en-US)) (Version: 24.5.0 - Mozilla)
MSGTAG (HKLM-x32\...\MSGTAG_is1) (Version:  - MSGTAG)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetBalancer (HKLM\...\NetBalancer_is1) (Version:  - SeriousBit)
NVIDIA 3D Vision Controller Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Control Panel 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Olympus DSS Player Pro (HKLM-x32\...\{91A32CD1-96A5-41D0-BCE6-9CE25531A875}) (Version: 5.0.14 - OLYMPUS IMAGING CORP.)
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OneNote 2007 Sort Sections (HKLM-x32\...\{F751F4CD-625E-42A2-BDAF-368A72A036E5}) (Version: 1.0.0 - OneNote PowerToys)
OneNote 2010 Sort Pages (HKLM-x32\...\{ED538315-6C40-44E1-B119-90D297794681}) (Version: 1.0.1 - OneNote PowerToys)
OneNote Gem Favorites 2010 v12.1.0.41 (HKLM-x32\...\{821C1F93-8B51-4974-B44B-A93D0CF31211}_is1) (Version: 12.1.0.41 - james)
OneNote Page Merge (HKLM-x32\...\{BE85B2A4-FF9F-4231-8E6F-003B64986C07}) (Version: 1.0.0 - Microsoft)
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version:  - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
PDF-XChange 2012 Pro (HKLM\...\{F92F0AAB-2EF6-412C-8BF4-0B11EB535280}_is1) (Version: 5.0.272.1 - Tracker Software Products Ltd)
PDF-XChange 4 (HKLM\...\{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1) (Version: 4.0.201.0 - Tracker Software Products Ltd)
PDF-XChange Editor (HKLM-x32\...\{57476447-95ee-4c7c-8373-875ad649bbb9}) (Version: 3.0.306.1 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (Version: 3.0.306.1 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Lite 4 (HKLM\...\{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1) (Version: 4.0.201.0 - Tracker Software Products Ltd)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
POP Peeper (HKLM-x32\...\POP Peeper) (Version:  - Mortal Universe)
Print Conductor 3.1 (HKLM-x32\...\Print Conductor_is1) (Version: 3.1 - fCoder Group, Inc.)
Puran File Recovery 1.2 (HKLM\...\Puran File Recovery_is1) (Version:  - Puran Software)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
QuickTime Alternative 3.2.2 (HKLM-x32\...\QuicktimeAlt_is1) (Version: 3.2.2 - )
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)
Rename Master (HKLM-x32\...\Rename Master_is1) (Version:  - )
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Scan and Sort it 11 (HKLM-x32\...\{3147DFB5-8677-4EA5-8ED4-DC7BB25121FC}) (Version: 11.0.2 - RetSoft BV)
Screen Protractor (HKLM-x32\...\Screen Protractor) (Version: 1.1 - Iconico)
Send to OneNote 2007 (HKLM-x32\...\{D0180909-85ED-4F97-B12C-C9E3129F78DC}) (Version: 1.0.0 - Microsoft Office OneNote 2007 PowerToys)
Send To Toys v2.61 (HKLM\...\Send To Toys_is1) (Version:  - Gabriele Ponti)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-00A1-0000-0000-0000000FF1CE}_Office14.ONENOTER_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skitch (HKLM-x32\...\Skitch 2.3.0.159) (Version: 2.3.0.159 - Evernote Corp.)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SolveigMM WMP Trimmer Plugin Home Edition (HKLM-x32\...\SolveigMM WMP Trimmer Plugin Home Edition 3.0.1308.05) (Version: 3.0.1308.05 - Solveig Multimedia)
Sony USB Driver (HKLM-x32\...\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}) (Version:  - )
Static Thunderbird Backup 2.9 (HKLM-x32\...\Static Thunderbird Backup_is1) (Version:  - StaticBackup Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
SupraSavings (x32 Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncFolders version 3.2.192 (HKLM-x32\...\{0B3B4477-CBE0-4131-95D9-E4DE0AC1055F}_is1) (Version: 3.2.192 - G.J. Weerheim)
System Update kb70007 (x32 Version: 1.0.0 - MSR) Hidden
True Image WD Edition (HKLM-x32\...\{5FD437EF-27A6-41DF-B778-46AA81187610}) (Version: 16.0.5926 - Acronis)
TurboNote+ 6.6 (HKLM-x32\...\TurboNote+) (Version: 6.6 - WebCentre Ltd.)
UK's Kalender 2.3.2 (HKLM-x32\...\UK's Kalender_is1) (Version:  - Ulrich Krebs)
UltraFileSearch (HKLM-x32\...\UltraFileSearch) (Version:  - Stegisoft)
UltraFileSearch (x32 Version: 2.0.1.11335 - Stegisoft) Hidden
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - InstallX, LLC)
Uninstall Helper (x32 Version: 2.0.1.0 - InstallX, LLC) Hidden
Unwipe (HKLM-x32\...\{57BC9B68-78D7-4464-B6FE-1A0BB2D3737A}_is1) (Version:  - Blitware Technology Inc.)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.ONENOTER_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-00A1-0000-0000-0000000FF1CE}_Office14.ONENOTER_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-00A1-0000-0000-0000000FF1CE}_Office14.ONENOTER_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-00A1-0000-0000-0000000FF1CE}_Office14.ONENOTER_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.ONENOTER_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-00A1-0000-0000-0000000FF1CE}_Office14.ONENOTER_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-00A1-0000-0000-0000000FF1CE}_Office14.ONENOTER_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-00A1-0000-0000-0000000FF1CE}_Office14.ONENOTER_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.ONENOTER_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-00A1-0000-0000-0000000FF1CE}_Office14.ONENOTER_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-00A1-0000-0000-0000000FF1CE}_Office14.ONENOTER_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.ONENOTER_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.ONENOTER_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-00A1-0000-0000-0000000FF1CE}_Office14.ONENOTER_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.ONENOTER_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-00A1-0000-0000-0000000FF1CE}_Office14.ONENOTER_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.ONENOTER_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Usenet.nl (HKLM-x32\...\Usenet.nl_is1) (Version:  - )
VisiPics V1.30 (HKLM-x32\...\VisiPics_is1) (Version:  - Ozone)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.200 - Nuance Communications Inc.)
WD Quick View (HKLM-x32\...\{F181233F-67DF-4995-A159-EB81F2B5500B}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6E936B32-5120-412E-AC87-C1D3651E531F}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{9af08980-8d36-4304-a8d0-53dc0c7d93a5}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
Windows Driver Package - Citrix Systems monblanking Citrix Driver  (04/25/2013 6.2.101.0) (HKLM\...\831FB1509292986F102B3AB7C8451FA1EA13B0F7) (Version: 04/25/2013 6.2.101.0 - Citrix Systems)
Windows Driver Package - Cmotech (cmusbnet) Net  (06/11/2007 2.0.0.9) (HKLM\...\51208688C66699298C32E38B6BFF92816EE798CA) (Version: 06/11/2007 2.0.0.9 - Cmotech)
Windows Driver Package - Cmotech Modem  (06/08/2007 2.0.3.9) (HKLM\...\7404D4336C2B621F88A2B25CE6577572A8BBD25A) (Version: 06/08/2007 2.0.3.9 - Cmotech)
Windows Driver Package - Cmotech Ports  (06/08/2007 2.0.3.9) (HKLM\...\2021A90B4F2D70AB98CFBF428E09767703FD455E) (Version: 06/08/2007 2.0.3.9 - Cmotech)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
XYplorer 13.70 (HKLM-x32\...\XYplorer) (Version: 13.70 - Donald Lessau)
Yodot Recovery Software (HKLM\...\{C129A19E-4C6E-47BF-9F35-B4A3C6F4E394}_is1) (Version: 3.0.0.108 - Yodot Software)

==================== Restore Points  =========================

10-05-2014 07:09:54 Windows Update
12-05-2014 22:44:40 Windows Backup
13-05-2014 23:23:30 Windows Update
14-05-2014 17:00:25 Windows Update
15-05-2014 12:37:19 WD SmartWare Installer
15-05-2014 13:33:51 WD SmartWare Installer
15-05-2014 13:39:31 WD SmartWare Installer
17-05-2014 09:55:42 Windows Backup
18-05-2014 08:57:44 Windows Update
21-05-2014 10:38:44 Windows Update
23-05-2014 11:00:27 Windows Backup
24-05-2014 20:30:04 Windows Update
25-05-2014 04:56:01 Uniblue SpeedUpMyPC installation
26-05-2014 13:22:39 DriverUpdate Installing Drivers
28-05-2014 15:11:21 Windows Update
30-05-2014 11:00:39 Windows Backup

==================== Hosts content: ==========================

2009-07-14 12:34 - 2014-05-27 00:47 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0C7EFC55-E69E-4388-85ED-F304C41C1A3D} - System32\Tasks\{3064F42F-9535-4AE1-8721-BEC397631C3E} => C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE [2014-03-19] (Microsoft Corporation)
Task: {1A7D55B7-F995-4388-B277-CA2401440F3C} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {1D15B13A-7750-42C6-B17B-00434F025091} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {1E81ACCE-A63D-418D-8F7B-53609561E5B3} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1796457039-3476434587-2440364337-1005 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {25FBE860-446E-414D-A8F3-DAF3DFCA5CF5} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1796457039-3476434587-2440364337-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {27852B97-4E79-413E-94F2-9174C321C705} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {29B88854-4023-4CDC-81B8-FF400A647579} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1796457039-3476434587-2440364337-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {304D1EF2-CA0A-4142-BF7F-5A897E5049A6} - System32\Tasks\{2E1BA001-D12C-4328-9633-05217E86096A} => D:\setup.exe
Task: {309A790E-4A0B-4865-A5EA-1E4A2B9FACBE} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1796457039-3476434587-2440364337-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {35DFDF7F-F36D-4CF7-9BF9-006920E5F9A4} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {3C596549-6B35-4BBD-A565-42BFB6B563CB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1796457039-3476434587-2440364337-1000UA => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-03] (Google Inc.)
Task: {3D37688E-3FE8-4EF2-9811-B1C857FF8C52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-30] (Google Inc.)
Task: {4062204A-C036-49C4-A833-46F3E0DE1CED} - \QtraxPlayer No Task File <==== ATTENTION
Task: {464068F3-084E-4914-89BF-CCE9CF8BC018} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-27] (Samsung Electronics)
Task: {4B692447-EF1A-4C34-8504-A4D101168EA6} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1796457039-3476434587-2440364337-1005 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {55F5F427-D5E8-439B-A546-BD7BF6AB9A57} - \EPUpdater No Task File <==== ATTENTION
Task: {5A0CDCA0-6EF2-4382-AC47-48EF87550CDD} - \DriverUpdate Startup No Task File <==== ATTENTION
Task: {5A9A64DE-ACB5-4488-B8FC-EF04FECBA3E0} - \LaunchApp No Task File <==== ATTENTION
Task: {6588BE6E-F193-438F-A5F3-E8E5B80F4D27} - System32\Tasks\{BCEDC1D4-3C33-4387-BC3D-BDC7194BEF91} => C:\Windows\system32\msiexec.exe [2010-11-21] (Microsoft Corporation)
Task: {6819E681-DCF2-4E92-A6AC-AA413000025C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {81728D2D-7A5C-467E-9C90-95882D53250F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-26] (Piriform Ltd)
Task: {85CA7355-8E04-4784-9809-C984B90A04F4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1796457039-3476434587-2440364337-1000Core => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-03] (Google Inc.)
Task: {867BA37C-0BE9-48FA-92CC-36AFDF1926E7} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1796457039-3476434587-2440364337-1005 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {8C2BC440-C9FE-45CD-AAC8-228572CD7EB7} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8C3142DA-F6FA-418C-8DD5-9C1E3006DC06} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe
Task: {8C65674D-A1FB-48C9-958A-CF024772717E} - System32\Tasks\{72609FFD-F343-48CE-8734-2F934115B42D} => D:\setup.exe
Task: {91B1557D-02CE-42BC-B3DD-E3AFE4F09921} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {933B62F9-AF3D-4CD8-AABE-53FD85ADF126} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.3.1.22\WSCStub.exe
Task: {9912DD6D-C6B6-43D0-8BAF-C9288C48F7E5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-28] (Adobe Systems Incorporated)
Task: {998DA787-4E4F-4C70-AF4E-7724615C27D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-30] (Google Inc.)
Task: {9AD5DBFF-EFDF-43F5-8CCB-72C8A370D83F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {A227FACD-4BEA-4A70-A63D-0BC482D6D3DE} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe
Task: {A72D87D4-794A-47A8-B5F7-8484D88D4826} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1796457039-3476434587-2440364337-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B5EB097E-86E6-4B24-A010-E13F409235BF} - System32\Tasks\Express Files Updater => C:\Program Files (x86)\ExpressFiles\EFupdater.exe <==== ATTENTION
Task: {BC7CEC9E-5072-4D76-898F-9BEAAACD634A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1796457039-3476434587-2440364337-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {C3E07817-4690-4B16-9A9D-4089F5FEA410} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1796457039-3476434587-2440364337-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {D5591CFD-90CB-43E4-892A-198E5F89FB14} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.3.1.22\SymErr.exe
Task: {D806E38F-624D-4A8D-B44A-517545CA672D} - System32\Tasks\{E57367F4-2009-4B4B-A6B5-D98750A09C32} => D:\setup.exe
Task: {E0832EC3-E1AD-4D42-B672-DA2439112C01} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {E422B0C3-4DE1-4E84-BD1C-E770D2DFC1EF} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.3.1.22\SymErr.exe
Task: {F50D3D18-5F2D-4682-83EC-DED96DEF38F7} - \Express FilesUpdate No Task File <==== ATTENTION
Task: {F5D24C91-5852-473B-BFB5-F1C2A85DDA79} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1796457039-3476434587-2440364337-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {FA151082-D48A-4A02-9ED4-EA00DDD446B8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1796457039-3476434587-2440364337-1005 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1796457039-3476434587-2440364337-1000Core.job => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1796457039-3476434587-2440364337-1000UA.job => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-22 06:23 - 2013-12-20 04:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-11-01 21:46 - 2009-09-01 12:13 - 00043008 _____ () C:\Windows\System32\essfaxpm.dll
2012-05-09 16:57 - 2011-01-22 18:44 - 00044544 _____ () C:\Windows\System32\rsdppm.dll
2013-11-07 19:49 - 2013-11-05 15:04 - 00066048 _____ () C:\Program Files\NetBalancer\Events.dll
2013-11-07 19:52 - 2013-11-07 19:52 - 00205032 _____ () C:\Windows\Microsoft.Net\assembly\GAC_MSIL\SeriousBit.NetBalancer.DeskBand\v4.0_1.0.0.0__ce1333cc798c13ee\SeriousBit.NetBalancer.DeskBand.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-09-16 12:57 - 2011-09-16 12:57 - 00070144 _____ () C:\Program Files (x86)\RetSoft\Scan and Sort it\RsShellExt64.dll
2011-09-06 19:37 - 2011-06-10 12:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-27 10:13 - 2013-09-27 10:13 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:1FCA174A
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:394B442A
AlternateDataStreams: C:\ProgramData\TEMP:F8834619
AlternateDataStreams: C:\Users\USER\Norton Internet Security_Key.txt:DocumentSummaryInformation
AlternateDataStreams: C:\Users\USER\Norton Internet Security_Key.txt:SummaryInformation
AlternateDataStreams: C:\Users\USER\Norton Internet Security_Key.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: Agent => 2
MSCONFIG\Services: BackupStack => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IDriveService => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: vToolbarUpdater13.2.0 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Directrec Configuration Tool.lnk => C:\Windows\pss\Directrec Configuration Tool.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Online Backup Status.lnk => C:\Windows\pss\McAfee Online Backup Status.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^onenote run page.url => C:\Windows\pss\onenote run page.url.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TurboNote.lnk => C:\Windows\pss\TurboNote.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^USER^AppData^Roaming^Microsoft^Start Menu^Programs^Startup^FreeClip.lnk => C:\Windows\pss\FreeClip.lnk.Startup
MSCONFIG\startupfolder: C:^Users^USER^AppData^Roaming^Microsoft^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^USER^AppData^Roaming^Microsoft^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupfolder: C:^Users^USER^AppData^Roaming^Microsoft^Start Menu^Programs^Startup^TPG bitometer.url => C:\Windows\pss\TPG bitometer.url.Startup
MSCONFIG\startupfolder: C:^Users^USER^AppData^Roaming^Microsoft^Start Menu^Programs^Startup^VirtuaWin.lnk => C:\Windows\pss\VirtuaWin.lnk.Startup
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: BreakingNews => C:\Program Files\BreakingNews\BreakingNews\DesktopContainer.exe
MSCONFIG\startupreg: combofix => C:\ComboFix\CF22926.3XE /c C:\ComboFix\Combobatch.bat
MSCONFIG\startupreg: Driver Manager => C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
MSCONFIG\startupreg: FreeCT => C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe -autorun
MSCONFIG\startupreg: FreeDocusTree => C:\ProgramData\4dots Software\Free DocusTree\FreeDocusTree.exe
MSCONFIG\startupreg: IDrive Monitor => "C:\Program Files (x86)\IDriveWindows\idwmonitor.exe" Min
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: itype => "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
MSCONFIG\startupreg: Listary => "C:\Program Files\Listary\Listary.exe"
MSCONFIG\startupreg: NetWorx => "C:\Program Files\NetWorx\networx.exe" /auto
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skitch => C:\PROGRAM FILES (X86)\EVERNOTE\SKITCH\SKITCH.EXE   -start-on-hide
MSCONFIG\startupreg: Smartype => "C:\Program Files (x86)\Smartype\Smartype.exe"
MSCONFIG\startupreg: SugarSync => "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: TPG => C:\Program Files (x86)\TPG LeechOmeter\TPG LeechOmeter.exe
MSCONFIG\startupreg: Typhoeus Stickies => C:\Program Files (x86)\Typhoeus\Stickies\Typhoeus Stickies 5.exe
MSCONFIG\startupreg: Typing Assistant (English) => C:\Program Files (x86)\Typing Assistant (English) 5.4\Typing Assistant (English).exe
MSCONFIG\startupreg: Virtual Dimension => C:\Program Files (x86)\Virtual Dimension\VirtualDimension.exe
MSCONFIG\startupreg: WebCake Desktop => "C:\Users\USER\AppData\Roaming\WebCake\WebCakeDesktop.exe"

==================== Faulty Device Manager Devices =============

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Bluetooth AV Remote Control Target
Description: Bluetooth AV Remote Control Target
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Broadcom Corp.
Service: btwavdt
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Officejet Pro 8500 A910
Description: Officejet Pro 8500 A910
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: ssnfd
Description: ssnfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ssnfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/01/2014 01:29:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/01/2014 01:26:36 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (06/01/2014 01:24:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (06/01/2014 01:21:09 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (05/31/2014 01:23:49 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/31/2014 01:23:12 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (05/31/2014 01:21:12 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (05/31/2014 01:18:37 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (05/30/2014 09:05:20 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: There is not enough free space on the backup storage location to back up the data. (0x80780048).

Error: (05/30/2014 08:02:40 PM) (Source: NetBalancerService) (EventID: 0) (User: )
Description: This version of NetBalancer is outdated, please download a new one from our website.


System errors:
=============
Error: (06/01/2014 01:28:41 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the afcdpsrv service.

Error: (05/30/2014 08:03:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ssnfd

Error: (05/30/2014 08:02:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (05/30/2014 08:02:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:00:28 PM on ‎30/‎05/‎2014 was unexpected.

Error: (05/29/2014 11:51:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WD Backup service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/29/2014 11:48:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WD Backup service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/29/2014 11:47:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WD Backup service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/29/2014 11:44:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WD Backup service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/29/2014 11:43:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the afcdpsrv service.

Error: (05/29/2014 11:42:50 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on  cannot be read.


Microsoft Office Sessions:
=========================
Error: (06/01/2014 01:29:06 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (06/01/2014 01:26:36 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files (x86)\Docear4Word\adxloader.dll.ManifestC:\Program Files (x86)\Docear4Word\adxloader.dll.Manifest2

Error: (06/01/2014 01:24:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\freecommander\DelZip179.dllc:\program files (x86)\freecommander\DelZip179.dll8

Error: (06/01/2014 01:21:09 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files (x86)\Docear4Word\adxloader.dll.ManifestC:\Program Files (x86)\Docear4Word\adxloader.dll.Manifest2

Error: (05/31/2014 01:23:49 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (05/31/2014 01:23:12 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files (x86)\Docear4Word\adxloader.dll.ManifestC:\Program Files (x86)\Docear4Word\adxloader.dll.Manifest2

Error: (05/31/2014 01:21:12 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\freecommander\DelZip179.dllc:\program files (x86)\freecommander\DelZip179.dll8

Error: (05/31/2014 01:18:37 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files (x86)\Docear4Word\adxloader.dll.ManifestC:\Program Files (x86)\Docear4Word\adxloader.dll.Manifest2

Error: (05/30/2014 09:05:20 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: There is not enough free space on the backup storage location to back up the data. (0x80780048)

Error: (05/30/2014 08:02:40 PM) (Source: NetBalancerService) (EventID: 0) (User: )
Description: This version of NetBalancer is outdated, please download a new one from our website.


CodeIntegrity Errors:
===================================
  Date: 2014-05-26 00:12:18.845
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-26 00:12:18.814
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-25 23:37:26.452
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-05-25 23:37:26.421
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-08 19:40:42.507
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-08 19:40:42.475
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-08 19:40:42.460
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-08 19:40:42.444
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-30 22:36:17.678
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-30 22:36:17.658
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 4013.12 MB
Available physical RAM: 2317.8 MB
Total Pagefile: 8024.41 MB
Available Pagefile: 6041.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:823.99 GB) (Free:528.3 GB) NTFS
Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive e: (Old XP) (Fixed) (Total:149.04 GB) (Free:0.24 GB) NTFS
Drive i: (New Volume) (Fixed) (Total:107.42 GB) (Free:91.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 7400E206)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=824 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=107 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: E308E308)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#8 robaa

robaa
  • Topic Starter

Posted 01 June 2014 - 02:23 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014
Ran by USER (administrator) on USER-PC on 01-06-2014 11:53:32
Running from C:\Users\USER\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Author: Brana Bujenovic) C:\Program Files\Delete Duplicate Files\DDFS.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(SeriousBit) C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Marek Jasinski - www.FreeCommander.com) C:\Program Files (x86)\FreeCommander\FreeCommander.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Lucion Technologies, LLC) C:\Program Files (x86)\FileCenter\Main\FileAgent.exe
(Tracker Software Products (Canada) Ltd.) C:\Program Files\Tracker Software\PDF-XChange 5\pdfSaver5.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [900992 2011-12-09] (FileOpen Systems Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation)
HKLM-x32\...\Run: [Join (Merge, Combine) Multiple Rar Files Into One Software.exe] => [X]
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-05-09] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *‮* <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\file scout\uninst.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\starstableonline\dxwebsetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\file scout\uninst.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\file scout\filescout.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\pccustubinstaller\symcpccuinstaller.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\file scout\filescout.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\onetastic\onecal.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\gosetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\file scout\uninst.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\pccustubinstaller\symcpccuinstaller.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\onetastic\onecal.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\starstableonline\dxwebsetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\onetastic\onecal.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\starstableonline\dxwebsetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\pccustubinstaller\symcpccuinstaller.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\file scout\filescout.exe <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1796457039-3476434587-2440364337-1000\...\Run: [Copernic Desktop Search - Home] => C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe [1648600 2011-11-23] (Copernic Inc.)
HKU\S-1-5-21-1796457039-3476434587-2440364337-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1796457039-3476434587-2440364337-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1796457039-3476434587-2440364337-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 4.lnk
ShortcutTarget: Device Detector 4.lnk -> C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe (OLYMPUS IMAGING CORP.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Directrec Configuration Tool.lnk
ShortcutTarget: Directrec Configuration Tool.lnk -> C:\Program Files (x86)\OLYMPUS\DirectrecConfig\DirectrecConfigurationTool.exe (OLYMPUS IMAGING CORP.)
Startup: C:\Users\USER\AppData\Roaming\Microsoft\Start Menu\Programs\Startup\7 Sticky Notes.lnk
ShortcutTarget: 7 Sticky Notes.lnk -> C:\Program Files (x86)\7 Sticky Notes\7StickyNotes.exe (Fabio Martin)
Startup: C:\Users\USER\AppData\Roaming\Microsoft\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\USER\AppData\Roaming\Microsoft\Start Menu\Programs\Startup\Sticky Notes (2).lnk
ShortcutTarget: Sticky Notes (2).lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
GroupPolicyUsers\S-1-5-21-1796457039-3476434587-2440364337-1005\User: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: PDN64BitBookMarkActivator.BookMark64BitActivator - {887cdc33-0de3-4fd5-a5d3-eccd4b4b396c} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: PDFXChange 2012 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll (Tracker Software Products (Canada) Ltd.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\c2yjbhfe.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin64-0.93.dll No File
Toolbar: HKLM - No Name - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} -  No File
Toolbar: HKLM - Post-it® Digital Notes - {735abc4c-9266-4008-9ef6-bc60be8de31f} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - PDFXChange 2012 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll (Tracker Software Products (Canada) Ltd.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 211.29.132.12 198.142.0.51 198.142.235.14

FireFox:
========
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\cyhh5rq3.default-1401028741795
FF Homepage: https://www.google.com.au/webhp?tab=ww&ei=rNiyUuS5F8-mkgWZrYBw&ved=0CBIQ1S4|about:addons
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: AnchorToOneNote - C:\Program Files (x86)\OneNoteGem\Anchor to OneNote\npAnchorToOneNote.dll (OneNote Gem)
FF Plugin-x32: BringToOneNote - C:\Program Files (x86)\OneNoteGem\Bring to OneNote 2010\npBringToOneNote.dll (OneNote Gem)
FF Plugin-x32: FavToOneNote - C:\Program Files (x86)\OneNoteGem\Favorite to OneNote\npFavToOneNote.dll (OneNote Gem)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\USER\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\USER\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: vitzo.com/VDownloader - C:\Program Files (x86)\VDownloader\Addons\npVDownloader.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\USER\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\staged [2014-04-30]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-30]
FF Extension: Favorite to OneNote - C:\Program Files (x86)\OneNoteGem\Favorite to OneNote\FF [2014-02-09]
FF Extension: Bring to OneNote - C:\Program Files (x86)\OneNoteGem\Bring to OneNote 2010\FF [2014-02-09]
FF Extension: Anchor to OneNote - C:\Program Files (x86)\OneNoteGem\Anchor to OneNote\FF [2014-02-09]
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-09-17]
FF HKLM-x32\...\Firefox\Extensions: [{FF201206-31F0-43FD-98C7-0E142411C415}] - C:\Program Files (x86)\OneNoteGem\Favorite to OneNote\FF
FF Extension: Favorite to OneNote - C:\Program Files (x86)\OneNoteGem\Favorite to OneNote\FF [2014-02-09]
FF HKLM-x32\...\Firefox\Extensions: [{FF201111-31F0-43FD-98C7-0E142411C415}] - C:\Program Files (x86)\OneNoteGem\Bring to OneNote 2010\FF
FF Extension: Bring to OneNote - C:\Program Files (x86)\OneNoteGem\Bring to OneNote 2010\FF [2014-02-09]
FF HKLM-x32\...\Firefox\Extensions: [AnchorToOneNote@OneNoteGem.com] - C:\Program Files (x86)\OneNoteGem\Anchor to OneNote\FF
FF Extension: Anchor to OneNote - C:\Program Files (x86)\OneNoteGem\Anchor to OneNote\FF [2014-02-09]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-09-17]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-28]
FF HKLM-x32\...\Thunderbird\Extensions: [{FF201111-31F0-43FD-98C7-0E142411C415}] - C:\Program Files (x86)\OneNoteGem\Bring to OneNote 2010\FF
FF Extension: Bring to OneNote - C:\Program Files (x86)\OneNoteGem\Bring to OneNote 2010\FF [2014-02-09]
FF HKCU\...\Firefox\Extensions: [{df340737-4d2d-473e-a376-cc713ef560ba}] - C:\Program Files (x86)\Copernic Desktop Search - Home\Firefox70Connector
FF Extension: Copernic Desktop Search - Home Connector - C:\Program Files (x86)\Copernic Desktop Search - Home\Firefox70Connector [2011-10-02]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR DefaultSearchKeyword: google.com.au
CHR Extension: (No Name) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\amhlacfinnaffmhfohbpecabbjfhkdji [2013-11-27]
CHR Extension: (Docs) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-27]
CHR Extension: (Google Drive) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-27]
CHR Extension: (YouTube) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-27]
CHR Extension: (Google Search) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-27]
CHR Extension: (AnchorToOneNote) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddenohnapacpcemfiagienhghpmnapmn [2013-11-27]
CHR Extension: (RealDownloader) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-11-27]
CHR Extension: (Skype Click to Call) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-11-27]
CHR Extension: (Google Wallet) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-27]
CHR Extension: (Gmail) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-27]
CHR HKLM-x32\...\Chrome\Extension: [bnjdjahfjhafehbeoffchdnbllicbdkk] - C:\Program Files (x86)\OneNoteGem\Bring to OneNote 2010\bringtoonenote.crx [2014-02-09]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [ipoapcfkbnfbncdknkjefggcfnnoadme] - C:\Program Files (x86)\OneNoteGem\Favorite to OneNote\favtoonenote.crx [2014-02-09]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
S4 Agent; C:\Windows\agent_x64.exe [100352 2011-01-22] ()
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S4 Backupper Service; C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0\ABService.exe [29912 2014-04-08] (AOMEI Tech Co., Ltd.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 Delete Duplicate Files Scan on Schedule Service; C:\Program Files\Delete Duplicate Files\DDFS.exe [2428416 2012-01-27] (Author: Brana Bujenovic)
R2 FileOpenManagerSvc; C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe [334720 2011-12-09] (FileOpen Systems Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2013-02-12] (Google)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-04-01] (SurfRight B.V.)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 NetBalancerService; C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [18664 2013-11-05] (SeriousBit)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-05-09] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [295800 2014-05-09] (Western Digital Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2013-05-07] ()
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2013-05-07] ()
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2013-02-06] ()
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-08-04] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-08-04] (Broadcom Corporation.)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S4 LMIRfsClientNP; No ImagePath
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-14] (Microsoft Corporation)
R2 monblanking; C:\Windows\System32\DRIVERS\monblanking.sys [34960 2014-01-30] (Citrix Systems, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R1 Nbdrv; C:\Windows\System32\DRIVERS\nbdrv.sys [41392 2013-06-02] (SeriousBit)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [21048 2011-10-10] (Resplendence Software Projects Sp.)
S3 rspSanity; C:\Windows\System32\DRIVERS\rspSanity64.sys [29752 2011-05-04] (Resplendence Software Projects Sp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2000-01-01] (Synaptics Incorporated)
R3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1202688 2009-10-26] (Motorola Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-05-29] ()
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-01-01] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-01-01] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-01-01] (Acronis International GmbH)
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S1 ssnfd; system32\drivers\ssnfd.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

NETSVCx32: eventsystem -> C:\Windows\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: iprip -> No ServiceDLL Path.
NETSVCx32: netman -> C:\Windows\SysWOW64\netman.dll ==> No File.
NETSVCx32: wzcsvc -> No ServiceDLL Path.
NETSVCx32: ip6fwhlp -> No ServiceDLL Path.
NETSVCx32: WmdmPmSN -> No ServiceDLL Path.
NETSVCx32: Appinfo -> C:\Windows\SysWOW64\appinfo.dll ==> No File.
NETSVCx32: BDESVC -> C:\Windows\SysWOW64\bdesvc.dll ==> No File.
NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll ==> No File.
NETSVCx32: EapHost -> C:\Windows\SysWOW64\eapsvc.dll ==> No File.
NETSVCx32: hkmsvc -> C:\Windows\SysWOW64\kmsvc.dll ==> No File.
NETSVCx32: IKEEXT -> C:\Windows\SysWOW64\ikeext.dll ==> No File.
NETSVCx32: MMCSS -> C:\Windows\SysWOW64\mmcss.dll ==> No File.
NETSVCx32: ProfSvc -> C:\Windows\SysWOW64\profsvc.dll ==> No File.
NETSVCx32: seclogon -> %windir%\SysWOW64\seclogon.dll ==> No File.
NETSVCx32: wercplsupport -> C:\Windows\SysWOW64\wercplsupport.dll ==> No File.

==================== One Month Created Files and Folders ========

2014-06-01 11:53 - 2014-06-01 11:53 - 00053203 _____ () C:\Users\USER\Downloads\FRST.txt
2014-06-01 11:53 - 2014-06-01 11:53 - 00000000 ____D () C:\FRST
2014-06-01 11:52 - 2014-06-01 11:53 - 02067456 _____ (Farbar) C:\Users\USER\Downloads\FRST64.exe
2014-06-01 06:30 - 2014-06-01 06:30 - 00003204 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1796457039-3476434587-2440364337-1005
2014-05-31 20:24 - 2014-05-31 20:24 - 01016261 _____ (Thisisu) C:\Users\USER\Desktop\JRT.exe
2014-05-31 17:28 - 2014-05-31 17:28 - 00000000 ____D () C:\Users\USER\Desktop\%temp%
2014-05-31 17:27 - 2014-05-31 17:27 - 00000000 ____D () C:\Users\USER\Downloads\%temp%
2014-05-30 20:10 - 2014-05-30 20:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-05-30 20:09 - 2014-05-30 20:09 - 05201408 _____ () C:\Users\USER\Desktop\RogueKillerX64.exe
2014-05-30 20:04 - 2014-05-30 20:04 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1796457039-3476434587-2440364337-1000
2014-05-30 20:04 - 2014-05-30 20:04 - 00003222 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1796457039-3476434587-2440364337-1000
2014-05-30 20:03 - 2014-05-30 20:07 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-05-30 19:38 - 2014-05-30 19:38 - 01327971 _____ () C:\Users\USER\Desktop\AdwCleaner(1).exe
2014-05-30 07:16 - 2014-06-01 06:30 - 00003338 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1796457039-3476434587-2440364337-1005
2014-05-29 23:31 - 2014-05-29 23:31 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\USER\Downloads\rkill(1)64.exe
2014-05-29 23:21 - 2014-05-29 23:21 - 00032799 _____ () C:\Users\USER\Documents\DDS.txt
2014-05-29 23:21 - 2014-05-29 23:21 - 00032799 _____ () C:\Users\USER\Desktop\dds.txt
2014-05-29 23:21 - 2014-05-29 23:21 - 00023121 _____ () C:\Users\USER\Documents\Attach.txt
2014-05-29 23:21 - 2014-05-29 23:21 - 00023121 _____ () C:\Users\USER\Desktop\attach.txt
2014-05-29 23:18 - 2014-05-29 23:19 - 00688992 ____R (Swearware) C:\Users\USER\Downloads\dds(1).com
2014-05-29 23:18 - 2014-05-29 23:18 - 00688992 _____ (Swearware) C:\Users\USER\Downloads\dds.com
2014-05-29 23:05 - 2014-05-29 23:05 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\USER\Downloads\iExplore(1).exe
2014-05-29 23:02 - 2014-05-29 23:02 - 04165472 _____ (Kaspersky Lab ZAO) C:\Users\USER\Downloads\tdsskiller.exe
2014-05-29 22:03 - 2014-05-29 22:23 - 01380864 _____ () C:\Users\USER\Documents\DS501503.DS2
2014-05-29 17:57 - 2014-05-29 18:55 - 01078784 _____ () C:\Users\USER\Documents\DS501502.DS2
2014-05-29 16:32 - 2014-05-29 16:32 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\USER\Downloads\rkill(1).exe
2014-05-29 16:05 - 2014-05-29 17:52 - 01707520 _____ () C:\Users\USER\Documents\DS501501.DS2
2014-05-27 00:53 - 2014-06-01 08:07 - 00000000 ____D () C:\Users\eliya\AppData\Local\temp
2014-05-27 00:53 - 2014-05-27 00:53 - 00042818 _____ () C:\ComboFix.txt
2014-05-27 00:53 - 2014-05-27 00:53 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-05-27 00:53 - 2014-05-27 00:53 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-27 00:53 - 2014-05-27 00:53 - 00000000 ____D () C:\Users\New folder\AppData\Local\temp
2014-05-27 00:53 - 2014-05-27 00:53 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-27 00:53 - 2014-05-27 00:53 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-27 00:21 - 2014-05-27 00:21 - 05200919 ____R (Swearware) C:\Users\USER\Downloads\ComboFix.exe
2014-05-26 23:31 - 2014-05-26 23:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2014-05-26 23:31 - 2014-05-26 23:31 - 00000000 ____D () C:\Program Files\Intel
2014-05-26 23:30 - 2014-05-26 23:30 - 00000000 ____D () C:\Users\USER\Intel
2014-05-26 22:30 - 2014-05-26 22:30 - 04958377 _____ (FLVMPlayer ) C:\Users\USER\Desktop\FLVMPlayer2.exe
2014-05-26 21:53 - 2014-05-26 22:30 - 208305293 _____ (Emsisoft GmbH ) C:\Users\USER\Downloads\EmsisoftAntiMalwareSetup.exe.part
2014-05-26 21:51 - 2014-05-26 21:51 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\USER\Downloads\rkill.exe
2014-05-26 21:51 - 2014-05-26 21:51 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\USER\Downloads\rkill.com
2014-05-26 21:50 - 2014-05-29 23:39 - 00000726 _____ () C:\Users\USER\Desktop\Rkill.txt
2014-05-26 21:49 - 2014-05-26 21:49 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\USER\Downloads\iExplore.exe
2014-05-26 00:39 - 2014-05-26 00:39 - 00000000 ____D () C:\Users\USER\Desktop\Old Firefox Data
2014-05-26 00:12 - 2014-05-26 00:12 - 00000000 ____D () C:\Users\New folder
2014-05-26 00:07 - 2014-05-26 00:07 - 50933760 _____ () C:\Users\USER\Desktop\notes_backup_d26052014_t000732.mdb
2014-05-26 00:00 - 2014-06-01 11:53 - 00000000 ____D () C:\ProgramData\TEMP
2014-05-26 00:00 - 2014-05-26 00:00 - 00000450 _____ () C:\Users\USER\Desktop\catchme.log
2014-05-26 00:00 - 2014-05-26 00:00 - 00000000 ____D () C:\Device
2014-05-25 23:37 - 2014-05-27 00:25 - 00000072 _____ () C:\Av-test.txt
2014-05-25 23:33 - 2014-05-30 20:00 - 00000000 ____D () C:\AdwCleaner
2014-05-25 23:33 - 2014-05-25 23:33 - 01326389 _____ () C:\Users\USER\Downloads\AdwCleaner.exe
2014-05-25 22:24 - 2014-05-25 22:24 - 484097265 _____ () C:\Windows\MEMORY.DMP
2014-05-25 22:24 - 2014-05-25 22:24 - 00450832 _____ () C:\Windows\Minidump\052514-30919-01.dmp
2014-05-25 14:59 - 2014-05-25 14:59 - 00003164 _____ () C:\Windows\System32\Tasks\{BE447C4B-AFB3-4AAA-A247-FE7F9CA04835}
2014-05-25 14:55 - 2014-05-25 23:15 - 00000000 ____D () C:\Users\USER\AppData\Local\20640
2014-05-25 14:55 - 2014-05-25 14:55 - 00002292 _____ () C:\Users\USER\Desktop\Continue installation  - oxford reading tree talking stories_Downloader Installation.lnk
2014-05-19 20:55 - 2014-05-19 20:55 - 01831235 _____ () C:\Users\USER\Desktop\tab group firefox - Google Search.mht
2014-05-19 20:55 - 2014-05-19 20:55 - 01816112 _____ () C:\Users\USER\Desktop\firefox session save as bookmark tab - Google Search.mht
2014-05-19 20:55 - 2014-05-19 20:55 - 01782197 _____ () C:\Users\USER\Desktop\Tab Groups Helper __ Add-ons for Firefox.mht
2014-05-19 20:55 - 2014-05-19 20:55 - 01495453 _____ () C:\Users\USER\Desktop\Use Tab Groups to organize a lot of tabs _ Firefox Help.mht
2014-05-19 20:55 - 2014-05-19 20:55 - 01405180 _____ () C:\Users\USER\Desktop\Is there a setting available that will cause Firefox to save tabs so that they can be all brought up later_ _ Firefox Support Forum _ Mozilla Support.mht
2014-05-19 20:55 - 2014-05-19 20:55 - 01397234 _____ () C:\Users\USER\Desktop\How to Save particular Tab Group as a Session_ _ Firefox Support Forum _ Mozilla Support.mht
2014-05-19 00:05 - 2014-05-19 00:05 - 00000000 ____D () C:\Users\USER\Documents\Solveig Multimedia
2014-05-19 00:05 - 2014-05-19 00:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solveig Multimedia
2014-05-19 00:05 - 2014-05-19 00:05 - 00000000 ____D () C:\Program Files (x86)\Solveig Multimedia
2014-05-19 00:04 - 2014-05-19 00:05 - 07830056 _____ () C:\Users\USER\Downloads\SolveigMM_WMP_Trimmer_Plugin_Home_Edition_3_0_1308_05.exe
2014-05-18 23:38 - 2014-05-18 23:38 - 50933760 _____ () C:\Users\USER\Desktop\notes_backup_d18052014_t233828.mdb
2014-05-18 22:44 - 2014-05-19 00:41 - 00001024 ____H () C:\SYSTAG.BIN
2014-05-17 18:53 - 2014-05-17 18:53 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2014-05-17 18:53 - 2014-05-17 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2014-05-15 23:58 - 2014-05-15 23:58 - 00017572 _____ () C:\Users\USER\Desktop\Restore Report 05-15-2014 10-23-50PM.html
2014-05-15 23:37 - 2014-05-15 23:37 - 00000000 ____D () C:\Program Files\Western Digital
2014-05-15 03:02 - 2014-05-06 14:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 03:02 - 2014-05-06 14:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 03:02 - 2014-05-06 13:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 03:02 - 2014-05-06 13:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 03:02 - 2014-05-06 13:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 03:02 - 2014-05-06 12:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 09:27 - 2014-05-09 16:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 09:27 - 2014-05-09 16:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 09:27 - 2014-03-25 12:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 09:27 - 2014-03-25 12:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 09:24 - 2014-04-12 12:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 09:24 - 2014-04-12 12:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 09:24 - 2014-04-12 12:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 09:24 - 2014-04-12 12:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 09:24 - 2014-04-12 12:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 09:24 - 2014-04-12 12:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 09:24 - 2014-04-12 12:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 09:24 - 2014-04-12 12:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 09:24 - 2014-04-12 12:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 09:24 - 2014-03-04 19:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 09:24 - 2014-03-04 19:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 09:24 - 2014-03-04 19:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 09:24 - 2014-03-04 19:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 09:24 - 2014-03-04 19:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 09:24 - 2014-03-04 19:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 09:24 - 2014-03-04 19:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 09:24 - 2014-03-04 19:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 09:24 - 2014-03-04 19:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 09:24 - 2014-03-04 19:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 09:24 - 2014-03-04 19:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 09:24 - 2014-03-04 19:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 09:24 - 2014-03-04 19:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 09:24 - 2014-03-04 19:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 09:24 - 2014-03-04 19:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 09:24 - 2014-03-04 19:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 09:24 - 2014-03-04 19:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 09:24 - 2014-03-04 19:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 09:24 - 2014-03-04 19:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 09:24 - 2014-03-04 19:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 09:24 - 2014-03-04 19:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 09:24 - 2014-03-04 19:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 09:24 - 2014-03-04 19:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 09:24 - 2014-03-04 19:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 09:24 - 2014-03-04 19:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 09:24 - 2014-03-04 19:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 09:24 - 2014-03-04 19:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 09:24 - 2014-03-04 19:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 09:24 - 2014-03-04 19:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 09:24 - 2014-03-04 19:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 09:24 - 2014-03-04 19:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 09:24 - 2014-03-04 19:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 23:06 - 2014-05-13 23:21 - 00000000 ____D () C:\Users\USER\AppData\Local\SyncFolders
2014-05-13 23:05 - 2014-05-13 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SyncFolders
2014-05-13 23:05 - 2014-05-13 23:05 - 00000000 ____D () C:\Program Files (x86)\SyncFolders
2014-05-11 22:49 - 2014-05-11 22:46 - 00858112 _____ () C:\Users\USER\Documents\DS501488.DS2
2014-05-11 22:49 - 2014-05-11 22:32 - 01518080 _____ () C:\Users\USER\Documents\DS501487.DS2
2014-05-11 22:49 - 2014-05-11 20:01 - 02433024 _____ () C:\Users\USER\Documents\DS501484.DS2
2014-05-11 21:01 - 2014-05-11 21:01 - 50933760 _____ () C:\Users\USER\Desktop\notes_backup_d11052014_t210109.mdb
2014-05-09 17:02 - 2014-05-09 17:29 - 02229760 _____ () C:\Users\USER\Documents\DS501483.DS2
2014-05-06 11:22 - 2014-05-06 12:41 - 02634240 _____ () C:\Users\USER\Documents\DS501481.DS2
2014-05-05 21:23 - 2014-05-05 21:23 - 00000000 ____D () C:\ProgramData\AomeiBR
2014-05-05 21:22 - 2014-05-19 00:41 - 00000082 _____ () C:\Windows\SysWOW64\winsevr.dat
2014-05-05 21:22 - 2014-05-19 00:41 - 00000000 ____D () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0
2014-05-05 21:22 - 2014-05-05 21:22 - 18012344 _____ (AOMEI Technology Co., Ltd. ) C:\Users\USER\Downloads\Backupper.exe
2014-05-05 21:22 - 2014-05-05 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper Standard Edition 2.0
2014-05-05 21:22 - 2013-05-07 14:27 - 00151480 _____ () C:\Windows\system32\ammntdrv.sys
2014-05-05 21:22 - 2013-05-07 14:27 - 00030648 _____ () C:\Windows\system32\ambakdrv.sys
2014-05-05 21:22 - 2013-02-06 15:52 - 00017848 _____ () C:\Windows\system32\amwrtdrv.sys
2014-05-05 15:08 - 2014-05-05 15:12 - 00382464 _____ () C:\Users\USER\Documents\DS501480.DS2
2014-05-05 15:00 - 2014-05-05 15:07 - 00751616 _____ () C:\Users\USER\Documents\DS501479.DS2
2014-05-05 15:00 - 2014-05-05 15:00 - 00002560 _____ () C:\Users\USER\Documents\DS501478.DS2
2014-05-05 14:53 - 2014-05-05 14:59 - 00764416 _____ () C:\Users\USER\Documents\DS501477.DS2
2014-05-05 14:44 - 2014-05-05 14:51 - 00711168 _____ () C:\Users\USER\Documents\DS501476.DS2
2014-05-05 11:31 - 2014-05-05 11:37 - 00322048 _____ () C:\Users\USER\Documents\DS501475.DS2
2014-05-05 07:46 - 2014-05-05 07:48 - 00455696 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-05 07:40 - 2014-05-05 07:40 - 00120240 _____ () C:\Users\USER\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-04 21:19 - 2014-05-04 21:43 - 01725952 _____ () C:\Users\USER\Documents\DS501474.DS2
2014-05-04 20:56 - 2014-05-04 21:03 - 00641536 _____ () C:\Users\USER\Documents\DS501473.DS2
2014-05-04 17:46 - 2014-05-04 18:16 - 01584128 _____ () C:\Users\USER\Documents\DS501472.DS2
2014-05-04 16:30 - 2014-05-04 17:04 - 02553856 _____ () C:\Users\USER\Documents\DS501470.DS2
2014-05-04 13:26 - 2014-05-04 13:56 - 02017280 _____ () C:\Users\USER\Documents\DS501469.DS2
2014-05-04 12:57 - 2014-05-04 13:26 - 01233408 _____ () C:\Users\USER\Documents\DS501468.DS2
2014-05-03 21:28 - 2014-06-01 11:49 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1796457039-3476434587-2440364337-1000UA.job
2014-05-03 21:28 - 2014-05-08 16:44 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1796457039-3476434587-2440364337-1000UA
2014-05-03 21:27 - 2014-05-31 16:49 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1796457039-3476434587-2440364337-1000Core.job
2014-05-03 21:27 - 2014-05-08 16:44 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1796457039-3476434587-2440364337-1000Core
2014-05-03 21:27 - 2014-05-03 21:27 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Microsoft\Start Menu\Programs\Google+ Auto Backup
2014-05-02 00:14 - 2014-05-01 23:51 - 02827776 _____ () C:\Users\USER\Documents\DS501466.DS2
2014-05-02 00:14 - 2014-04-27 16:35 - 03210752 _____ () C:\Users\USER\Documents\DS501461.DS2
2014-05-02 00:06 - 2014-05-02 00:06 - 00000000 ____D () C:\Users\USER\Documents\Fragments

==================== One Month Modified Files and Folders =======

2014-06-01 11:53 - 2014-06-01 11:53 - 00053203 _____ () C:\Users\USER\Downloads\FRST.txt
2014-06-01 11:53 - 2014-06-01 11:53 - 00000000 ____D () C:\FRST
2014-06-01 11:53 - 2014-06-01 11:52 - 02067456 _____ (Farbar) C:\Users\USER\Downloads\FRST64.exe
2014-06-01 11:53 - 2014-05-26 00:00 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-01 11:53 - 2012-07-28 21:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-01 11:53 - 2011-09-06 19:32 - 00000000 ____D () C:\Users\USER\AppData\Local\Temp
2014-06-01 11:51 - 2011-09-11 03:09 - 00000000 ____D () C:\Users\USER\AppData\Roaming\UK's Kalender
2014-06-01 11:49 - 2014-05-03 21:28 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1796457039-3476434587-2440364337-1000UA.job
2014-06-01 11:41 - 2012-05-30 21:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-01 08:07 - 2014-05-27 00:53 - 00000000 ____D () C:\Users\eliya\AppData\Local\temp
2014-06-01 06:30 - 2014-06-01 06:30 - 00003204 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1796457039-3476434587-2440364337-1005
2014-06-01 06:30 - 2014-05-30 07:16 - 00003338 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1796457039-3476434587-2440364337-1005
2014-06-01 06:29 - 2012-05-30 21:32 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-01 05:54 - 2011-09-06 19:32 - 01980584 _____ () C:\Windows\WindowsUpdate.log
2014-06-01 02:00 - 2012-02-19 12:59 - 00000000 ____D () C:\ProgramData\FileCenter
2014-05-31 23:08 - 2012-05-03 17:20 - 00000000 ____D () C:\Users\USER\Documents\a collect ML
2014-05-31 22:12 - 2012-01-30 12:42 - 00000000 ___RD () C:\Users\USER\Documents\a solicitor
2014-05-31 22:11 - 2012-01-30 13:04 - 00000000 ____D () C:\Users\USER\Documents\a west
2014-05-31 20:24 - 2014-05-31 20:24 - 01016261 _____ (Thisisu) C:\Users\USER\Desktop\JRT.exe
2014-05-31 18:09 - 2011-09-22 09:50 - 00003113 _____ () C:\Users\USER\AppData\Roaming\SAS7_000.DAT
2014-05-31 17:28 - 2014-05-31 17:28 - 00000000 ____D () C:\Users\USER\Desktop\%temp%
2014-05-31 17:27 - 2014-05-31 17:27 - 00000000 ____D () C:\Users\USER\Downloads\%temp%
2014-05-31 16:49 - 2014-05-03 21:27 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1796457039-3476434587-2440364337-1000Core.job
2014-05-30 21:35 - 2012-02-10 00:35 - 00000632 __RSH () C:\Users\USER\ntuser.pol
2014-05-30 20:20 - 2011-09-10 18:33 - 00000000 ____D () C:\Users\eliya
2014-05-30 20:19 - 2011-09-10 18:34 - 02710878 __RSH () C:\Users\eliya\ntuser.pol
2014-05-30 20:11 - 2009-07-14 14:45 - 00032096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-30 20:11 - 2009-07-14 14:45 - 00032096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-30 20:10 - 2014-05-30 20:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-05-30 20:09 - 2014-05-30 20:09 - 05201408 _____ () C:\Users\USER\Desktop\RogueKillerX64.exe
2014-05-30 20:07 - 2014-05-30 20:03 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-05-30 20:04 - 2014-05-30 20:04 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1796457039-3476434587-2440364337-1000
2014-05-30 20:04 - 2014-05-30 20:04 - 00003222 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1796457039-3476434587-2440364337-1000
2014-05-30 20:04 - 2013-02-13 20:04 - 00000000 ____D () C:\Users\USER\AppData\Roaming\7 Sticky Notes
2014-05-30 20:02 - 2013-05-20 01:21 - 00538086 _____ () C:\Windows\PFRO.log
2014-05-30 20:02 - 2013-05-15 19:40 - 00086907 _____ () C:\Windows\setupact.log
2014-05-30 20:02 - 2011-09-06 19:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-30 20:02 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-30 20:00 - 2014-05-25 23:33 - 00000000 ____D () C:\AdwCleaner
2014-05-30 20:00 - 2014-04-30 11:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-30 20:00 - 2011-09-10 20:01 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-30 20:00 - 2011-09-06 19:33 - 00000981 _____ () C:\Users\USER\AppData\Roaming\Microsoft\Start Menu\Programs\Internet Explorer.lnk
2014-05-30 19:38 - 2014-05-30 19:38 - 01327971 _____ () C:\Users\USER\Desktop\AdwCleaner(1).exe
2014-05-30 07:15 - 2014-04-24 09:30 - 00000000 ____D () C:\Users\eliya\AppData\Local\Skitch
2014-05-29 23:46 - 2009-07-14 15:13 - 00006466 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-29 23:42 - 2013-06-02 17:43 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-05-29 23:39 - 2014-05-26 21:50 - 00000726 _____ () C:\Users\USER\Desktop\Rkill.txt
2014-05-29 23:31 - 2014-05-29 23:31 - 01061112 _____ (Bleeping Computer, LLC) C:\Users\USER\Downloads\rkill(1)64.exe
2014-05-29 23:21 - 2014-05-29 23:21 - 00032799 _____ () C:\Users\USER\Documents\DDS.txt
2014-05-29 23:21 - 2014-05-29 23:21 - 00032799 _____ () C:\Users\USER\Desktop\dds.txt
2014-05-29 23:21 - 2014-05-29 23:21 - 00023121 _____ () C:\Users\USER\Documents\Attach.txt
2014-05-29 23:21 - 2014-05-29 23:21 - 00023121 _____ () C:\Users\USER\Desktop\attach.txt
2014-05-29 23:19 - 2014-05-29 23:18 - 00688992 ____R (Swearware) C:\Users\USER\Downloads\dds(1).com
2014-05-29 23:18 - 2014-05-29 23:18 - 00688992 _____ (Swearware) C:\Users\USER\Downloads\dds.com
2014-05-29 23:05 - 2014-05-29 23:05 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\USER\Downloads\iExplore(1).exe
2014-05-29 23:02 - 2014-05-29 23:02 - 04165472 _____ (Kaspersky Lab ZAO) C:\Users\USER\Downloads\tdsskiller.exe
2014-05-29 22:23 - 2014-05-29 22:03 - 01380864 _____ () C:\Users\USER\Documents\DS501503.DS2
2014-05-29 18:55 - 2014-05-29 17:57 - 01078784 _____ () C:\Users\USER\Documents\DS501502.DS2
2014-05-29 17:52 - 2014-05-29 16:05 - 01707520 _____ () C:\Users\USER\Documents\DS501501.DS2
2014-05-29 16:32 - 2014-05-29 16:32 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\USER\Downloads\rkill(1).exe
2014-05-29 15:53 - 2013-04-15 21:40 - 00000000 ____D () C:\Users\USER\Documents\a collect patient
2014-05-29 12:04 - 2012-01-30 13:18 - 00000000 ____D () C:\Users\USER\Documents\a wcc
2014-05-28 21:47 - 2012-05-09 20:52 - 00000000 ____D () C:\Users\USER\AppData\Roaming\.oit
2014-05-28 01:53 - 2012-07-28 21:31 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-28 01:53 - 2012-07-28 21:31 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-28 01:53 - 2012-07-28 21:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-28 00:17 - 2011-09-11 10:44 - 00000000 ____D () C:\Users\USER\AppData\Local\CrashDumps
2014-05-27 00:53 - 2014-05-27 00:53 - 00042818 _____ () C:\ComboFix.txt
2014-05-27 00:53 - 2014-05-27 00:53 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-05-27 00:53 - 2014-05-27 00:53 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-27 00:53 - 2014-05-27 00:53 - 00000000 ____D () C:\Users\New folder\AppData\Local\temp
2014-05-27 00:53 - 2014-05-27 00:53 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-27 00:53 - 2014-05-27 00:53 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-27 00:53 - 2012-12-30 21:21 - 00000000 ____D () C:\Qoobox
2014-05-27 00:53 - 2011-09-07 11:55 - 00000000 ____D () C:\Users\USER\AppData\Local\Apps\2.0
2014-05-27 00:47 - 2009-07-14 12:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-27 00:45 - 2009-07-14 12:34 - 90963968 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-05-27 00:45 - 2009-07-14 12:34 - 29097984 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-05-27 00:45 - 2009-07-14 12:34 - 02965504 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-05-27 00:45 - 2009-07-14 12:34 - 00143360 _____ () C:\Windows\system32\config\SAM.bak
2014-05-27 00:45 - 2009-07-14 12:34 - 00036864 _____ () C:\Windows\system32\config\SECURITY.bak
2014-05-27 00:39 - 2012-12-30 21:20 - 00000000 ____D () C:\Windows\erdnt
2014-05-27 00:25 - 2014-05-25 23:37 - 00000072 _____ () C:\Av-test.txt
2014-05-27 00:21 - 2014-05-27 00:21 - 05200919 ____R (Swearware) C:\Users\USER\Downloads\ComboFix.exe
2014-05-26 23:59 - 2013-01-02 09:47 - 00002390 _____ () C:\Windows\system32\.crusader
2014-05-26 23:45 - 2012-02-15 12:57 - 00000000 ____D () C:\TEMP
2014-05-26 23:31 - 2014-05-26 23:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2014-05-26 23:31 - 2014-05-26 23:31 - 00000000 ____D () C:\Program Files\Intel
2014-05-26 23:31 - 2011-09-06 19:43 - 00000000 ____D () C:\ProgramData\Intel
2014-05-26 23:31 - 2011-09-06 19:36 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-26 23:30 - 2014-05-26 23:30 - 00000000 ____D () C:\Users\USER\Intel
2014-05-26 23:28 - 2014-04-03 22:28 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 23:26 - 2014-02-10 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-05-26 23:26 - 2014-02-10 19:24 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-26 23:23 - 2011-12-03 22:18 - 00000000 ____D () C:\Windows\pss
2014-05-26 23:23 - 2011-09-06 19:32 - 00000000 ___RD () C:\Users\USER\AppData\Roaming\Microsoft\Start Menu\Programs\Startup
2014-05-26 22:30 - 2014-05-26 22:30 - 04958377 _____ (FLVMPlayer ) C:\Users\USER\Desktop\FLVMPlayer2.exe
2014-05-26 22:30 - 2014-05-26 21:53 - 208305293 _____ (Emsisoft GmbH ) C:\Users\USER\Downloads\EmsisoftAntiMalwareSetup.exe.part
2014-05-26 21:51 - 2014-05-26 21:51 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\USER\Downloads\rkill.exe
2014-05-26 21:51 - 2014-05-26 21:51 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\USER\Downloads\rkill.com
2014-05-26 21:49 - 2014-05-26 21:49 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\USER\Downloads\iExplore.exe
2014-05-26 00:39 - 2014-05-26 00:39 - 00000000 ____D () C:\Users\USER\Desktop\Old Firefox Data
2014-05-26 00:12 - 2014-05-26 00:12 - 00000000 ____D () C:\Users\New folder
2014-05-26 00:07 - 2014-05-26 00:07 - 50933760 _____ () C:\Users\USER\Desktop\notes_backup_d26052014_t000732.mdb
2014-05-26 00:00 - 2014-05-26 00:00 - 00000450 _____ () C:\Users\USER\Desktop\catchme.log
2014-05-26 00:00 - 2014-05-26 00:00 - 00000000 ____D () C:\Device
2014-05-25 23:33 - 2014-05-25 23:33 - 01326389 _____ () C:\Users\USER\Downloads\AdwCleaner.exe
2014-05-25 23:15 - 2014-05-25 14:55 - 00000000 ____D () C:\Users\USER\AppData\Local\20640
2014-05-25 22:45 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-25 22:24 - 2014-05-25 22:24 - 484097265 _____ () C:\Windows\MEMORY.DMP
2014-05-25 22:24 - 2014-05-25 22:24 - 00450832 _____ () C:\Windows\Minidump\052514-30919-01.dmp
2014-05-25 14:59 - 2014-05-25 14:59 - 00003164 _____ () C:\Windows\System32\Tasks\{BE447C4B-AFB3-4AAA-A247-FE7F9CA04835}
2014-05-25 14:55 - 2014-05-25 14:55 - 00002292 _____ () C:\Users\USER\Desktop\Continue installation  - oxford reading tree talking stories_Downloader Installation.lnk
2014-05-25 06:20 - 2012-04-15 20:53 - 00000000 ____D () C:\Users\eliya\AppData\Roaming\Skype
2014-05-25 00:59 - 2009-07-14 13:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-24 23:33 - 2011-12-11 15:05 - 00000000 ____D () C:\Users\USER\AppData\Roaming\HpUpdate
2014-05-19 20:55 - 2014-05-19 20:55 - 01831235 _____ () C:\Users\USER\Desktop\tab group firefox - Google Search.mht
2014-05-19 20:55 - 2014-05-19 20:55 - 01816112 _____ () C:\Users\USER\Desktop\firefox session save as bookmark tab - Google Search.mht
2014-05-19 20:55 - 2014-05-19 20:55 - 01782197 _____ () C:\Users\USER\Desktop\Tab Groups Helper __ Add-ons for Firefox.mht
2014-05-19 20:55 - 2014-05-19 20:55 - 01495453 _____ () C:\Users\USER\Desktop\Use Tab Groups to organize a lot of tabs _ Firefox Help.mht
2014-05-19 20:55 - 2014-05-19 20:55 - 01405180 _____ () C:\Users\USER\Desktop\Is there a setting available that will cause Firefox to save tabs so that they can be all brought up later_ _ Firefox Support Forum _ Mozilla Support.mht
2014-05-19 20:55 - 2014-05-19 20:55 - 01397234 _____ () C:\Users\USER\Desktop\How to Save particular Tab Group as a Session_ _ Firefox Support Forum _ Mozilla Support.mht
2014-05-19 00:41 - 2014-05-18 22:44 - 00001024 ____H () C:\SYSTAG.BIN
2014-05-19 00:41 - 2014-05-05 21:22 - 00000082 _____ () C:\Windows\SysWOW64\winsevr.dat
2014-05-19 00:41 - 2014-05-05 21:22 - 00000000 ____D () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0
2014-05-19 00:05 - 2014-05-19 00:05 - 00000000 ____D () C:\Users\USER\Documents\Solveig Multimedia
2014-05-19 00:05 - 2014-05-19 00:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solveig Multimedia
2014-05-19 00:05 - 2014-05-19 00:05 - 00000000 ____D () C:\Program Files (x86)\Solveig Multimedia
2014-05-19 00:05 - 2014-05-19 00:04 - 07830056 _____ () C:\Users\USER\Downloads\SolveigMM_WMP_Trimmer_Plugin_Home_Edition_3_0_1308_05.exe
2014-05-18 23:38 - 2014-05-18 23:38 - 50933760 _____ () C:\Users\USER\Desktop\notes_backup_d18052014_t233828.mdb
2014-05-18 23:31 - 2011-09-15 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Olympus DSS Player Pro
2014-05-18 23:31 - 2011-09-15 22:53 - 00000709 _____ () C:\Windows\Support.ini
2014-05-18 23:30 - 2011-09-15 22:54 - 00196608 _____ (OLYMPUS IMAGING CORP.) C:\Windows\SysWOW64\olylistenserver.dll
2014-05-18 07:55 - 2012-03-09 16:36 - 00000000 ____D () C:\Users\eliya\AppData\Local\CrashDumps
2014-05-17 18:53 - 2014-05-17 18:53 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2014-05-17 18:53 - 2014-05-17 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2014-05-17 18:53 - 2011-09-17 23:03 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2014-05-17 18:53 - 2011-09-17 23:03 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2014-05-15 23:58 - 2014-05-15 23:58 - 00017572 _____ () C:\Users\USER\Desktop\Restore Report 05-15-2014 10-23-50PM.html
2014-05-15 23:40 - 2013-11-13 21:35 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-15 23:39 - 2013-06-27 22:54 - 00063204 _____ () C:\Windows\DPINST.LOG
2014-05-15 23:37 - 2014-05-15 23:37 - 00000000 ____D () C:\Program Files\Western Digital
2014-05-15 23:37 - 2014-01-01 23:36 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-05-15 23:37 - 2013-06-27 22:53 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-05-15 23:37 - 2012-07-09 21:50 - 00000000 ____D () C:\ProgramData\Western Digital
2014-05-15 23:12 - 2011-10-03 21:07 - 00007637 _____ () C:\Users\USER\AppData\Local\resmon.resmoncfg
2014-05-15 22:43 - 2011-09-08 20:10 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-15 08:27 - 2011-09-06 19:32 - 00000000 ___RD () C:\Users\USER\AppData\Roaming\Microsoft\Start Menu\Programs\Administrative Tools
2014-05-15 06:28 - 2012-03-04 07:21 - 00000000 ___RD () C:\Users\eliya\AppData\Roaming\Microsoft\Start Menu\Programs\Administrative Tools
2014-05-15 04:24 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 03:19 - 2014-04-23 22:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 03:19 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 09:31 - 2011-09-07 12:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 09:30 - 2013-08-07 14:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 09:30 - 2013-01-02 09:39 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-05-14 09:27 - 2011-09-07 09:10 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 23:21 - 2014-05-13 23:06 - 00000000 ____D () C:\Users\USER\AppData\Local\SyncFolders
2014-05-13 23:05 - 2014-05-13 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SyncFolders
2014-05-13 23:05 - 2014-05-13 23:05 - 00000000 ____D () C:\Program Files (x86)\SyncFolders
2014-05-11 22:46 - 2014-05-11 22:49 - 00858112 _____ () C:\Users\USER\Documents\DS501488.DS2
2014-05-11 22:32 - 2014-05-11 22:49 - 01518080 _____ () C:\Users\USER\Documents\DS501487.DS2
2014-05-11 21:01 - 2014-05-11 21:01 - 50933760 _____ () C:\Users\USER\Desktop\notes_backup_d11052014_t210109.mdb
2014-05-11 20:01 - 2014-05-11 22:49 - 02433024 _____ () C:\Users\USER\Documents\DS501484.DS2
2014-05-09 17:29 - 2014-05-09 17:02 - 02229760 _____ () C:\Users\USER\Documents\DS501483.DS2
2014-05-09 16:14 - 2014-05-14 09:27 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 16:11 - 2014-05-14 09:27 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 16:44 - 2014-05-03 21:28 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1796457039-3476434587-2440364337-1000UA
2014-05-08 16:44 - 2014-05-03 21:27 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1796457039-3476434587-2440364337-1000Core
2014-05-06 14:40 - 2014-05-15 03:02 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 14:36 - 2012-05-30 21:32 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-06 14:36 - 2012-05-30 21:32 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 14:17 - 2014-05-15 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 13:25 - 2014-05-15 03:02 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 13:07 - 2014-05-15 03:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 13:00 - 2014-05-15 03:02 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 12:41 - 2014-05-06 11:22 - 02634240 _____ () C:\Users\USER\Documents\DS501481.DS2
2014-05-06 12:10 - 2014-05-15 03:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-06 09:36 - 2013-02-04 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-05 21:23 - 2014-05-05 21:23 - 00000000 ____D () C:\ProgramData\AomeiBR
2014-05-05 21:22 - 2014-05-05 21:22 - 18012344 _____ (AOMEI Technology Co., Ltd. ) C:\Users\USER\Downloads\Backupper.exe
2014-05-05 21:22 - 2014-05-05 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper Standard Edition 2.0
2014-05-05 20:46 - 2013-02-10 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aaa data recovery
2014-05-05 15:12 - 2014-05-05 15:08 - 00382464 _____ () C:\Users\USER\Documents\DS501480.DS2
2014-05-05 15:07 - 2014-05-05 15:00 - 00751616 _____ () C:\Users\USER\Documents\DS501479.DS2
2014-05-05 15:00 - 2014-05-05 15:00 - 00002560 _____ () C:\Users\USER\Documents\DS501478.DS2
2014-05-05 14:59 - 2014-05-05 14:53 - 00764416 _____ () C:\Users\USER\Documents\DS501477.DS2
2014-05-05 14:51 - 2014-05-05 14:44 - 00711168 _____ () C:\Users\USER\Documents\DS501476.DS2
2014-05-05 11:37 - 2014-05-05 11:31 - 00322048 _____ () C:\Users\USER\Documents\DS501475.DS2
2014-05-05 07:48 - 2014-05-05 07:46 - 00455696 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-05 07:40 - 2014-05-05 07:40 - 00120240 _____ () C:\Users\USER\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-04 23:16 - 2012-12-07 18:25 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Usenet.nl
2014-05-04 21:43 - 2014-05-04 21:19 - 01725952 _____ () C:\Users\USER\Documents\DS501474.DS2
2014-05-04 21:03 - 2014-05-04 20:56 - 00641536 _____ () C:\Users\USER\Documents\DS501473.DS2
2014-05-04 18:16 - 2014-05-04 17:46 - 01584128 _____ () C:\Users\USER\Documents\DS501472.DS2
2014-05-04 17:04 - 2014-05-04 16:30 - 02553856 _____ () C:\Users\USER\Documents\DS501470.DS2
2014-05-04 16:13 - 2012-02-19 16:54 - 00000000 ____D () C:\My Indexes
2014-05-04 13:56 - 2014-05-04 13:26 - 02017280 _____ () C:\Users\USER\Documents\DS501469.DS2
2014-05-04 13:26 - 2014-05-04 12:57 - 01233408 _____ () C:\Users\USER\Documents\DS501468.DS2
2014-05-03 21:28 - 2011-09-07 11:56 - 00000000 ____D () C:\Users\USER\AppData\Local\Google
2014-05-03 21:27 - 2014-05-03 21:27 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Microsoft\Start Menu\Programs\Google+ Auto Backup
2014-05-03 21:21 - 2012-04-30 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-05-03 00:17 - 2012-01-29 19:12 - 00000000 ____D () C:\Windows\Minidump
2014-05-02 00:06 - 2014-05-02 00:06 - 00000000 ____D () C:\Users\USER\Documents\Fragments
2014-05-02 00:06 - 2011-09-06 20:14 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Adobe

Files to move or delete:
====================
C:\Users\USER\gosetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 02:12

==================== End Of Log ============================



#9 fireman4it


Posted 01 June 2014 - 02:51 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Attached File: fixlist.txt (34.43KB)

How is your machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#10 robaa


Posted 01 June 2014 - 04:39 PM

I cannot see link to FRST/FRST64  program/file



#11 fireman4it


Posted 01 June 2014 - 04:52 PM

 

I cannot see link to FRST/FRST64  program/file

This is the file you used to run FRST to send me the log.




#12 robaa


Posted 01 June 2014 - 05:09 PM

Firefox working well with no webssearches taking over. Great.

Firefox got stripped of add-ons in the process, but I saw a Firefox old data folder created that I assume will let me rebuild things.

What I notice is that IE is looking like a very stripped down web page. Just a few boxes on the web page, much of the page missing. Links don't open at all.

I guess I could download a new IE. But I thought I would mention it.

 

 

_________________________________________________________________________________________________________________

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-06-2014
Ran by USER at 2014-06-02 07:48:00 Run:1
Running from C:\Users\USER\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {4062204A-C036-49C4-A833-46F3E0DE1CED} - \QtraxPlayer No Task File <==== ATTENTION
Task: {55F5F427-D5E8-439B-A546-BD7BF6AB9A57} - \EPUpdater No Task File <==== ATTENTION
Task: {5A0CDCA0-6EF2-4382-AC47-48EF87550CDD} - \DriverUpdate Startup No Task File <==== ATTENTION
Task: {5A9A64DE-ACB5-4488-B8FC-EF04FECBA3E0} - \LaunchApp No Task File <==== ATTENTION
Task: {F50D3D18-5F2D-4682-83EC-DED96DEF38F7} - \Express FilesUpdate No Task File <==== ATTENTION
HKLM-x32\...\Run: [Join (Merge, Combine) Multiple Rar Files Into One Software.exe] => [X]
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *‮* <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\file scout\uninst.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\starstableonline\dxwebsetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\file scout\uninst.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\file scout\filescout.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\pccustubinstaller\symcpccuinstaller.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\file scout\filescout.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\onetastic\onecal.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\gosetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\file scout\uninst.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\pccustubinstaller\symcpccuinstaller.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\onetastic\onecal.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\starstableonline\dxwebsetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\onetastic\onecal.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\starstableonline\dxwebsetup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\pccustubinstaller\symcpccuinstaller.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\file scout\filescout.exe <====== ATTENTION
GroupPolicyUsers\S-1-5-21-1796457039-3476434587-2440364337-1005\User: Group Policy on Chrome detected <======= ATTENTION
Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\c2yjbhfe.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin64-0.93.dll No File
Toolbar: HKLM - No Name - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
C:\Users\USER\gosetup.exe

SupraSavings (x32 Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4062204A-C036-49C4-A833-46F3E0DE1CED} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4062204A-C036-49C4-A833-46F3E0DE1CED} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QtraxPlayer => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55F5F427-D5E8-439B-A546-BD7BF6AB9A57} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55F5F427-D5E8-439B-A546-BD7BF6AB9A57} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5A0CDCA0-6EF2-4382-AC47-48EF87550CDD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A0CDCA0-6EF2-4382-AC47-48EF87550CDD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverUpdate Startup => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A9A64DE-ACB5-4488-B8FC-EF04FECBA3E0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A9A64DE-ACB5-4488-B8FC-EF04FECBA3E0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F50D3D18-5F2D-4682-83EC-DED96DEF38F7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F50D3D18-5F2D-4682-83EC-DED96DEF38F7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Express FilesUpdate => Key deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Join (Merge, Combine) Multiple Rar Files Into One Software.exe => Value deleted successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1796457039-3476434587-2440364337-1005\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} => Value deleted successfully.
HKCR\CLSID\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} => Value deleted successfully.
HKCR\CLSID\{FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\belarc => Key deleted successfully.
HKCR\CLSID\{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=euc-jp => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=ISO-8859-1 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS936 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS949 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS950 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF-8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=euc-jp => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=ISO-8859-1 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS936 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS949 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS950 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF-8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\ica => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf => Key deleted successfully.
C:\Program Files\Tracker Software viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll => Moved successfully.
HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf => Key deleted successfully.
C:\Program Files\Tracker Software viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll not found.
C:\Users\USER\gosetup.exe => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E6B105B8-1F65-4428-9397-1DFD8A03B94D}\\SystemComponent => Value deleted successfully.


The system needed a reboot.

==== End of Fixlog ====



#13 fireman4it

  • Malware Response Team

Posted 01 June 2014 - 08:50 PM

Let's check for any leftovers.

 

1.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

2.

 ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#14 robaa

  • Topic Starter

Posted 02 June 2014 - 08:29 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/06/2014
Scan Time: 11:11:27 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.02.04
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: USER

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393878
Time Elapsed: 17 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.MultiIE.A, HKU\S-1-5-21-1796457039-3476434587-2440364337-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarantined, [23897003bcbfd660937440a29b686c94],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
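
The helper asks for the complete log, including the top portion that shows MBAM's database version and the operating system. As an added example (not part of the thread and not Malwarebytes code), the Python below checks a pasted log for those fields, for result sections whose count differs from the items listed, for scan options that were off, and for detections that were not quarantined. The function name, the constructed sample and the reading of the number after a section name as its item count are assumptions of this example.

```python
import re

SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
SCAN_OPTIONS = ("Memory", "Startup", "Filesystem", "Archives",
                "Rootkits", "Heuristics", "PUP", "PUM")
REQUIRED = ("Version", "Malware Database", "OS")  # fields the helper asks for
KEYVAL = re.compile(r"^([A-Za-z][\w .-]*):\s*(.*)$")
# name, location, action, [id],  (location is greedy, so commas in a path survive)
DETECTION = re.compile(
    r"^(?P<name>[^,]+), (?P<location>.+), (?P<action>[^,]+), \[(?P<id>[0-9a-f]+)\],?$")

# Constructed sample in the layout of the log above; the detections are made up.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware
Version: 2.00.2.1012
Malware Database: v2014.06.02.04
OS: Windows 7 Service Pack 1
Rootkits: Disabled
PUP: Enabled

Processes: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Example.A, HKU\S-1-5-21-0-0-0-1000\SOFTWARE\ExampleKey, Quarantined, [00000000000000000000000000000001],

Files: 2
PUP.Optional.Example.A, C:\Users\USER\Downloads\setup, v2.exe, No Action By User, [00000000000000000000000000000002],

(end)
"""

def review_log(text):
    """Return (detections, issues) for one pasted scan log."""
    fields, found, section = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        hit = DETECTION.match(line) if section else None
        kv = KEYVAL.match(line)
        if hit:
            found[section].append(dict(hit.groupdict(), section=section))
        elif kv and kv.group(1) in SECTIONS:
            section = kv.group(1)
            fields[section], found[section] = kv.group(2), []
        elif kv:
            fields[kv.group(1)] = kv.group(2)
        elif not line:
            section = None  # a blank line closes the current result section
    issues = [f"missing header field: {k}" for k in REQUIRED if not fields.get(k)]
    if "(end)" not in text:
        issues.append("no (end) marker: paste may be cut short")
    for name, items in found.items():
        if fields[name] != str(len(items)):
            issues.append(f"{name}: count says {fields[name]}, {len(items)} listed")
    issues += [f"scan option off: {o}" for o in SCAN_OPTIONS if fields.get(o) == "Disabled"]
    detections = [d for items in found.values() for d in items]
    issues += [f"not quarantined: {d['location']}" for d in detections
               if d["action"] != "Quarantined"]
    return detections, issues
```
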



#15 fireman4it

  • Malware Response Team

Posted 02 June 2014 - 04:08 PM

The Eset log?


" Extinguishing Malware from the world"
