Jump to content

Doops

Members
  • Posts

    21
  • Joined

  • Last visited

Everything posted by Doops

  1. I just finished a scan with MB, turned out clean! Thank you very much! This is the second time you experts here in the forum have helped me out, and I'll donate again. Out of curiosity, may I ask what PUPs detected by MB usually are? They seem harmless, but I know they're security holes. Where are they usually coming from by the way (so I can practice better browsing habits)? (I'm using Firefox as my main browser, with NoScript)
  2. Here is the Zoek file. Thanks again for your help. It was quite scary to have to disable Norton. There were quite a few things I had to manually turn off. zoek-results.txt
  3. After this previous scan, the number of PUPs has gone right back up to four (it was previously 2 for two scans). I'm a little worried. I'm very thankful for your help! Scan log attached. MB_Scan1.txt
  4. Hello, I've been doing my best to keep a computer I got last year clean, and within the past week, I've picked up some PUPs (opencandy). MB has detected at least five of them before (within the past week) but it seems to have removed them down to two particularly sticky ones that keep regenerating after each scan+delete by MB. Your experts have helped me once before, and I'm glad you guys are here. I ask for your help once more. Addition.txt FRST.txt
  5. Both ran clean, and I don't see any other problems that I saw with Spigot. Thank you so much for your help!
  6. I tried to reset IE and Chrome's homepages, and it worked! I haven't seen any search redirects in Firefox since the last OTL fix run either (granted, even before then, I only saw it three times). I think it's fine now! Thank you so much! Is there any way we can check for sure that there's no remaining Spigot data, rootkits, trojans, etc? Just to be sure.
  7. All processes killed ========== OTL ========== 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found. HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found. HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKU\S-1-5-21-825749163-974839105-3472330399-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKU\S-1-5-21-825749163-974839105-3472330399-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-825749163-974839105-3472330399-1004\Software\Microsoft\Internet Explorer\SearchScopes\{6B46B519-F692-44CD-A626-23B2D48A9F47}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B46B519-F692-44CD-A626-23B2D48A9F47}\ not found. Prefs.js: "Bing" removed from browser.search.defaultenginename Prefs.js: "Bing" removed from browser.search.selectedEngine Prefs.js: "msn.com" removed from browser.startup.homepage C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\adsremoval@adsremoval.net\lib folder moved successfully. C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\adsremoval@adsremoval.net\defaults folder moved successfully. C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\adsremoval@adsremoval.net\chrome\content\subscriptions folder moved successfully. C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\adsremoval@adsremoval.net\chrome\content\scripts folder moved successfully. C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\adsremoval@adsremoval.net\chrome\content\images folder moved successfully. C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\adsremoval@adsremoval.net\chrome\content folder moved successfully. C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\adsremoval@adsremoval.net\chrome folder moved successfully. C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\adsremoval@adsremoval.net\bin folder moved successfully. C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\adsremoval@adsremoval.net folder moved successfully. C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\js folder moved successfully. C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\img folder moved successfully. C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\filtering folder moved successfully. C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\dll folder moved successfully. C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\db folder moved successfully. C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0 folder moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\MT\Desktop\Logs\cmd.bat deleted successfully. C:\Users\MT\Desktop\Logs\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: AdMin ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: MT ->Temp folder emptied: 19690725 bytes ->Temporary Internet Files folder emptied: 3081516 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 394995801 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 4020 bytes User: Public User: TT ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Work ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 37184 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 398.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 01282014_014009 Files\Folders moved on Reboot... C:\Users\MT\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\MT\AppData\Local\Temp\MMDUtl.log moved successfully. C:\Users\MT\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot. File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot...
  8. Also, this was in Firefox (my main browser, which was previously unaffected by the Spigot redirect like IE/Chrome).
  9. This is a new problem: Since yesterday, I've been getting some Bing search hit redirects. Only two incidents so far, but it's worrysome. When I click on a search link, I am sometimes taken to a different site, or a download prompt for some sort of file comes up (usually a zip file). When I am redirected, I click back immediately (though if anything happens, I suppose that the damage is too fast anyways). For the download prompts I deny them. I'm very scared by this.
  10. I ran OTL the same as your last instructions for it, but there was no Extras.txt log this time (just the OTL.txt). Did I do something wrong?
  11. OTL logfile created on: 1/25/2014 9:03:58 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MT\Desktop\Logs 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16428) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.86 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 48.94% Memory free 9.63 Gb Paging File | 7.58 Gb Available in Paging File | 78.69% Paging File free Paging file location(s): c:\pagefile.sys 5920 5920 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 447.66 Gb Total Space | 334.28 Gb Free Space | 74.67% Space Free | Partition Type: NTFS Computer Name: ASPIRE5755-9401 | User Name: MT | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014/01/21 21:06:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MT\Desktop\Logs\OTL.exe PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/12/13 17:44:36 | 001,573,184 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe PRC - [2013/12/09 15:02:00 | 002,285,344 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe PRC - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe PRC - [2013/12/03 16:10:24 | 000,775,968 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe PRC - [2013/11/11 17:19:48 | 000,341,824 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe PRC - [2013/10/25 12:07:12 | 000,469,280 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\DelayLoad.exe PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe PRC - [2012/04/24 13:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe PRC - [2012/04/05 14:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe PRC - [2011/11/29 18:16:12 | 000,109,984 | ---- | M] (CypherTec Inc.) -- C:\Program Files (x86)\Common Files\CypherTec\cgrdsrv32.exe PRC - [2011/06/30 21:51:14 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe PRC - [2011/06/30 21:51:14 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2011/06/30 21:51:12 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2011/06/30 21:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2011/05/29 21:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2011/05/20 13:13:06 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe PRC - [2011/05/20 13:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe PRC - [2011/05/09 20:41:56 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe PRC - [2011/04/30 02:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe PRC - [2011/04/23 20:28:38 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe PRC - [2011/04/20 16:58:02 | 001,204,224 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe PRC - [2011/04/20 16:53:10 | 000,335,872 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe PRC - [2011/02/01 16:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2011/02/01 16:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010/11/16 20:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010/09/30 05:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe PRC - [2010/06/10 12:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe PRC - [2010/03/08 23:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe PRC - [2010/03/08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe PRC - [2010/03/05 19:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe ========== Modules (No Company Name) ========== MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\madexcept_.bpl MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\maddisAsm_.bpl MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\madbasic_.bpl MOD - [2013/01/15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll MOD - [2011/05/20 13:13:04 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll MOD - [2011/05/20 13:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe MOD - [2011/04/23 20:29:56 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2012/04/05 14:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service) SRV:64bit: - [2011/11/29 18:48:06 | 000,131,000 | ---- | M] (CypherTec Inc.) [Auto | Running] -- C:\Program Files\Common Files\CypherTec\cthwsrv64.exe -- (CypherGuard Info Service) SRV:64bit: - [2011/11/29 18:26:28 | 000,127,416 | ---- | M] (CypherTec Inc.) [Auto | Running] -- C:\Program Files\Common Files\CypherTec\cgrdsrv64.exe -- (CypherGuard cguard Service 64bit Edition) SRV:64bit: - [2011/08/02 13:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV:64bit: - [2011/05/02 16:27:50 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2011/05/02 16:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2011/05/02 16:10:26 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2010/11/29 17:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/12/20 05:26:05 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/12/16 16:51:38 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7) SRV - [2013/12/03 16:10:24 | 002,151,200 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc) SRV - [2013/11/11 17:19:48 | 000,341,824 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice) SRV - [2013/11/07 01:52:56 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2013/10/07 14:19:22 | 000,240,736 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService) SRV - [2013/10/07 13:30:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS) SRV - [2012/04/24 13:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) SRV - [2011/11/29 18:16:12 | 000,109,984 | ---- | M] (CypherTec Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\CypherTec\cgrdsrv32.exe -- (CypherGuard cguard Service 32bit Edition) SRV - [2011/06/30 21:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2011/05/29 21:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2011/04/30 02:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2011/02/01 16:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011/02/01 16:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/09/30 05:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0) SRV - [2010/03/08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP) SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/11/13 13:23:49 | 000,435,512 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2013/11/07 01:52:44 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2013/10/09 09:16:27 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2013/10/08 10:43:55 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2013/05/23 00:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA) DRV:64bit: - [2013/05/22 17:49:32 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver) DRV:64bit: - [2013/05/21 00:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys -- (SymDS) DRV:64bit: - [2013/05/16 00:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP) DRV:64bit: - [2013/04/24 19:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys -- (SymNetS) DRV:64bit: - [2013/04/15 21:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS) DRV:64bit: - [2013/03/04 20:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2012/12/14 16:40:22 | 000,123,832 | ---- | M] (CypherTec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cymon.sys -- (Cymon) DRV:64bit: - [2012/09/06 20:48:08 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON) DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/07/14 00:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/07/14 00:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/06/21 17:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2011/06/21 17:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2011/06/19 09:35:09 | 000,196,704 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus) DRV:64bit: - [2011/05/16 16:57:32 | 000,051,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa) DRV:64bit: - [2011/05/06 12:11:12 | 000,086,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa) DRV:64bit: - [2011/05/01 16:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2011/04/26 13:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011/04/05 06:26:26 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2011/03/09 23:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2011/03/09 23:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2011/02/10 01:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011/02/10 01:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011/01/20 20:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp) DRV:64bit: - [2011/01/20 20:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd) DRV:64bit: - [2010/11/29 17:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/10/15 03:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010/03/19 05:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2014/01/23 13:35:22 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20140125.005\ex64.sys -- (NAVEX15) DRV - [2014/01/23 13:35:22 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20140125.005\eng64.sys -- (NAVENG) DRV - [2014/01/20 18:45:57 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20140124.001\IDSviA64.sys -- (IDSVia64) DRV - [2013/12/17 19:32:10 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20140121.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2013/11/21 00:07:51 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013/11/21 00:07:51 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013/11/19 16:10:34 | 000,034,848 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter) DRV - [2013/11/19 16:10:34 | 000,023,016 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter) DRV - [2013/03/23 15:48:48 | 000,023,048 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor) DRV - [2012/12/14 16:40:24 | 000,110,136 | ---- | M] (CypherTec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\cymon.sys -- (Cymon) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-18\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-825749163-974839105-3472330399-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=198484&fr=spigot-yhp-ie IE - HKU\S-1-5-21-825749163-974839105-3472330399-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKU\S-1-5-21-825749163-974839105-3472330399-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKU\S-1-5-21-825749163-974839105-3472330399-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 5B 45 94 2D C4 CE 01 [binary data] IE - HKU\S-1-5-21-825749163-974839105-3472330399-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-825749163-974839105-3472330399-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFD_enUS557 IE - HKU\S-1-5-21-825749163-974839105-3472330399-1004\..\SearchScopes\{6B46B519-F692-44CD-A626-23B2D48A9F47}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms} IE - HKU\S-1-5-21-825749163-974839105-3472330399-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.selectedEngine: "Bing" FF - prefs.js..browser.startup.homepage: "msn.com" FF - prefs.js..extensions.enabledAddons: rikaichan-jpen%40polarcloud.com:2.01.130701 FF - prefs.js..extensions.enabledAddons: %7B0AA9101C-D3C1-4129-A9B7-D778C6A17F82%7D:2.07 FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1: C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\MT\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFF [2013/10/09 11:17:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\ [2014/01/25 20:57:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/10/10 15:55:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 22:59:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/10/10 15:55:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 22:59:14 | 000,000,000 | ---D | M] [2013/10/20 12:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MT\AppData\Roaming\Mozilla\Extensions [2014/01/24 21:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions [2013/10/20 13:05:13 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [2013/10/20 13:05:13 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2013/12/13 13:27:49 | 000,000,000 | ---D | M] (Ads Removal) -- C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\adsremoval@adsremoval.net [2013/10/20 13:14:44 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\rikaichan-jpen@polarcloud.com [2014/01/16 12:09:38 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014/01/04 19:03:59 | 000,000,905 | ---- | M] () -- C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\searchplugins\yahoo_ff.xml [2013/12/20 05:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013/12/20 05:26:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF File not found (No name found) -- C:\USERS\MT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EZZ5BZ6N.DEFAULT\EXTENSIONS\ASCSURFINGPROTECTION@IOBIT.COM [2013/11/15 03:32:00 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - Extension: Google Docs = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google Search = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Ads Removal = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\ CHR - Extension: avast! Online Security = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\ CHR - Extension: Skype Click to Call = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\ CHR - Extension: Norton Identity Protection = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.5.2_0\ CHR - Extension: Store = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\ CHR - Extension: Google Wallet = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\ CHR - Extension: Gmail = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O3:64bit: - HKU\S-1-5-21-825749163-974839105-3472330399-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-825749163-974839105-3472330399-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.) O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) O4 - HKLM..\Run: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [indexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [iObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-825749163-974839105-3472330399-1004..\Run: [Advanced SystemCare 7] C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe (IObit) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0BCF2FB-1545-4F42-9C6F-8160A8B30C5C}: DhcpNameServer = 75.75.75.75 75.75.76.76 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9B0643F-BDCE-4FE4-8860-BF102ADAAB91}: DhcpNameServer = 75.75.75.75 75.75.76.76 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6c7c70cb-545e-11e3-b0b5-b870f4ee7158}\Shell - "" = AutoRun O33 - MountPoints2\{6c7c70cb-545e-11e3-b0b5-b870f4ee7158}\Shell\AutoRun\command - "" = V:\setup.exe O33 - MountPoints2\{7a1d30ab-4118-11e3-8e84-b870f4ee7158}\Shell - "" = AutoRun O33 - MountPoints2\{7a1d30ab-4118-11e3-8e84-b870f4ee7158}\Shell\AutoRun\command - "" = V:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014/01/24 22:13:08 | 000,000,000 | ---D | C] -- C:\Windows\Migration [2014/01/24 22:13:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2014/01/24 21:28:14 | 000,000,000 | ---D | C] -- C:\_OTL [2014/01/21 20:50:55 | 000,000,000 | ---D | C] -- C:\Users\MT\Desktop\Logs [2014/01/21 20:50:15 | 000,000,000 | ---D | C] -- C:\Users\MT\Documents\Black Crusade [2014/01/20 10:50:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2014/01/20 10:49:05 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014/01/17 21:26:49 | 000,000,000 | ---D | C] -- C:\Users\MT\Desktop\NUIP [2014/01/17 19:36:22 | 000,000,000 | ---D | C] -- C:\Users\MT\AppData\Roaming\Unity [2014/01/15 14:02:04 | 000,000,000 | ---D | C] -- C:\Users\MT\AppData\Local\Unity [2014/01/15 11:03:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2014/01/13 09:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UVa Network Setup Tool [2014/01/13 09:08:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\University of Virginia [2014/01/07 01:02:55 | 000,000,000 | ---D | C] -- C:\Users\MT\Documents\GuP Motto Love Love Sakusen Desu C08 [2014/01/05 10:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2014/01/04 19:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller [2014/01/04 19:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData [2014/01/04 19:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} [2014/01/04 19:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7 [2014/01/03 20:52:08 | 000,000,000 | ---D | C] -- C:\Users\MT\AppData\Roaming\SPSSInc [2014/01/03 20:51:18 | 000,000,000 | ---D | C] -- C:\Users\MT\.spss [2014/01/03 20:50:52 | 000,000,000 | ---D | C] -- C:\Users\MT\AppData\Local\javasharedresources [2014/01/03 19:34:29 | 000,000,000 | ---D | C] -- C:\Users\MT\Desktop\Job [2014/01/03 19:26:33 | 000,000,000 | ---D | C] -- C:\Users\MT\AppData\Local\IBM [2014/01/03 19:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SafeNet Sentinel [2014/01/03 19:26:17 | 000,000,000 | ---D | C] -- C:\Users\MT\Desktop\MedEssays [2014/01/03 19:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SPSS [2014/01/03 19:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics [2014/01/03 19:23:46 | 000,000,000 | ---D | C] -- C:\SysWOW64 [2014/01/03 19:23:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\IBM [2014/01/03 19:22:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IBM [2014/01/02 22:06:03 | 000,000,000 | ---D | C] -- C:\Users\MT\AppData\Roaming\e-academy Inc [2014/01/02 22:06:03 | 000,000,000 | ---D | C] -- C:\Users\MT\AppData\Local\e-academy Inc ========== Files - Modified Within 30 Days ========== [2014/01/25 21:03:35 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\Driver Booster Update.job [2014/01/25 21:03:20 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014/01/25 21:03:20 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014/01/25 21:02:19 | 000,781,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014/01/25 21:02:19 | 000,653,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014/01/25 21:02:19 | 000,121,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014/01/25 20:59:14 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014/01/25 20:55:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/01/25 20:55:36 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys [2014/01/25 20:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014/01/25 20:14:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014/01/24 22:15:45 | 000,762,252 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2014/01/24 13:43:41 | 503,663,545 | ---- | M] () -- C:\Users\MT\Documents\[underwater] KILL la KILL - 15 (720p) [9FE2481B].mkv [2014/01/23 00:34:40 | 429,702,335 | ---- | M] () -- C:\Users\MT\Documents\[Vivid] D-Frag! - 02 [3570BC9C].mkv [2014/01/23 00:33:28 | 402,262,665 | ---- | M] () -- C:\Users\MT\Documents\[Vivid] D-Frag! - 03 [47F4A5C7].mkv [2014/01/22 04:56:53 | 000,158,109 | ---- | M] () -- C:\Users\MT\Desktop\FacultyStaff Discount Program _3_.pdf [2014/01/16 22:36:44 | 349,278,301 | ---- | M] () -- C:\Users\MT\Documents\[HorribleSubs] Kill la Kill - 14 [720p].mkv [2014/01/15 22:52:54 | 000,464,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014/01/15 11:04:24 | 000,003,719 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml [2014/01/14 15:19:37 | 318,472,067 | ---- | M] () -- C:\Users\MT\Documents\[FFF] Sekai Seifuku ~Bouryaku no Zvezda~ - 01 [043C6B38].mkv [2014/01/13 09:08:51 | 000,001,371 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CertChecker.lnk [2014/01/09 23:37:10 | 445,342,059 | ---- | M] () -- C:\Users\MT\Documents\[AOI] Kyousougiga Music Collection [flac+scans].zip [2014/01/09 23:36:01 | 181,547,899 | ---- | M] () -- C:\Users\MT\Documents\[AOI] Kyousougiga Music Collection [320k+scans].zip [2014/01/09 21:40:14 | 375,854,580 | ---- | M] () -- C:\Users\MT\Documents\[HorribleSubs] Kyousougiga - 10.5 [720p].mkv [2014/01/09 21:38:01 | 376,281,091 | ---- | M] () -- C:\Users\MT\Documents\[HorribleSubs] Kyousougiga - 10 [720p].mkv [2014/01/09 21:37:19 | 524,318,219 | ---- | M] () -- C:\Users\MT\Documents\[Commie] Kyousougiga - 09 [4D1C06C5].mkv [2014/01/09 14:59:08 | 348,459,256 | ---- | M] () -- C:\Users\MT\Documents\[HorribleSubs] Kill la Kill - 13 [720p].mkv [2014/01/07 21:06:09 | 432,938,492 | ---- | M] () -- C:\Users\MT\Documents\[Vivid] D-Frag! - 01 [F0D3C74F].mkv [2014/01/07 12:01:24 | 000,506,084 | ---- | M] () -- C:\Users\MT\Desktop\010.jpg [2014/01/04 19:19:53 | 000,011,054 | ---- | M] () -- C:\Users\MT\Documents\cc_20140104_191934.reg [2014/01/03 19:22:13 | 000,000,219 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.tgz [2014/01/03 19:22:13 | 000,000,205 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.dll [2014/01/03 19:22:13 | 000,000,016 | -H-- | M] () -- C:\Windows\SysWow64\servdat.slm [2014/01/03 19:22:12 | 000,001,025 | ---- | M] () -- C:\Windows\SysWow64\sysprs7.tgz [2014/01/03 19:22:12 | 000,001,025 | ---- | M] () -- C:\Windows\SysWow64\sysprs7.dll [2014/01/02 16:38:43 | 001,922,012 | ---- | M] () -- C:\Users\MT\Documents\Devil Vs Goddess (Pixiv 40638995) - Imgur.zip ========== Files Created - No Company Name ========== [2014/01/24 22:15:45 | 000,762,252 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2014/01/24 13:40:42 | 503,663,545 | ---- | C] () -- C:\Users\MT\Documents\[underwater] KILL la KILL - 15 (720p) [9FE2481B].mkv [2014/01/23 00:30:46 | 429,702,335 | ---- | C] () -- C:\Users\MT\Documents\[Vivid] D-Frag! - 02 [3570BC9C].mkv [2014/01/23 00:30:15 | 402,262,665 | ---- | C] () -- C:\Users\MT\Documents\[Vivid] D-Frag! - 03 [47F4A5C7].mkv [2014/01/22 04:57:01 | 000,158,109 | ---- | C] () -- C:\Users\MT\Desktop\FacultyStaff Discount Program _3_.pdf [2014/01/16 22:33:12 | 349,278,301 | ---- | C] () -- C:\Users\MT\Documents\[HorribleSubs] Kill la Kill - 14 [720p].mkv [2014/01/15 11:04:24 | 000,003,719 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml [2014/01/14 15:17:28 | 318,472,067 | ---- | C] () -- C:\Users\MT\Documents\[FFF] Sekai Seifuku ~Bouryaku no Zvezda~ - 01 [043C6B38].mkv [2014/01/13 09:08:51 | 000,001,371 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CertChecker.lnk [2014/01/09 23:31:36 | 445,342,059 | ---- | C] () -- C:\Users\MT\Documents\[AOI] Kyousougiga Music Collection [flac+scans].zip [2014/01/09 23:31:25 | 181,547,899 | ---- | C] () -- C:\Users\MT\Documents\[AOI] Kyousougiga Music Collection [320k+scans].zip [2014/01/09 21:34:20 | 375,854,580 | ---- | C] () -- C:\Users\MT\Documents\[HorribleSubs] Kyousougiga - 10.5 [720p].mkv [2014/01/09 21:32:47 | 376,281,091 | ---- | C] () -- C:\Users\MT\Documents\[HorribleSubs] Kyousougiga - 10 [720p].mkv [2014/01/09 21:32:42 | 524,318,219 | ---- | C] () -- C:\Users\MT\Documents\[Commie] Kyousougiga - 09 [4D1C06C5].mkv [2014/01/09 14:52:03 | 348,459,256 | ---- | C] () -- C:\Users\MT\Documents\[HorribleSubs] Kill la Kill - 13 [720p].mkv [2014/01/07 20:59:27 | 432,938,492 | ---- | C] () -- C:\Users\MT\Documents\[Vivid] D-Frag! - 01 [F0D3C74F].mkv [2014/01/07 12:01:24 | 000,506,084 | ---- | C] () -- C:\Users\MT\Desktop\010.jpg [2014/01/04 19:19:38 | 000,011,054 | ---- | C] () -- C:\Users\MT\Documents\cc_20140104_191934.reg [2014/01/03 19:22:12 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.tgz [2014/01/03 19:22:12 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2014/01/03 19:22:12 | 000,000,219 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.tgz [2014/01/03 19:22:12 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll [2014/01/03 19:22:12 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\servdat.slm [2014/01/02 16:38:51 | 001,922,012 | ---- | C] () -- C:\Users\MT\Documents\Devil Vs Goddess (Pixiv 40638995) - Imgur.zip [2013/11/07 01:52:42 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2013/10/31 23:23:55 | 000,087,040 | ---- | C] () -- C:\Windows\UnGins.exe [2013/10/26 01:12:31 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2013/10/26 01:12:24 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2013/10/10 15:48:49 | 000,210,391 | ---- | C] () -- C:\Windows\hpwins19.dat [2013/10/10 15:48:49 | 000,000,673 | ---- | C] () -- C:\Windows\hpwmdl19.dat [2013/10/08 08:03:00 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2013/10/08 08:02:49 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2014/01/13 08:56:20 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit [2014/01/13 08:56:20 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit [2013/10/08 08:45:34 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\ControlCenter4 [2013/10/26 01:07:03 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\CypherTec [2013/10/08 10:43:45 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\DAEMON Tools Lite [2013/10/26 01:36:16 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\DLsite [2014/01/02 22:06:03 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\e-academy Inc [2014/01/04 19:12:51 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\IObit [2013/10/08 11:23:43 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\Nuance [2013/10/23 20:26:32 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\PowerCinema [2014/01/03 20:52:08 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\SPSSInc [2013/10/10 08:08:31 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\Stardock [2014/01/17 19:36:22 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\Unity [2013/10/09 08:57:50 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\WildTangent [2013/10/08 08:23:08 | 000,000,000 | ---D | M] -- C:\Users\TT\AppData\Roaming\ControlCenter4 [2013/10/09 20:11:04 | 000,000,000 | ---D | M] -- C:\Users\TT\AppData\Roaming\e-academy Inc [2013/10/17 20:37:49 | 000,000,000 | ---D | M] -- C:\Users\TT\AppData\Roaming\ImgBurn [2014/01/12 12:13:37 | 000,000,000 | ---D | M] -- C:\Users\TT\AppData\Roaming\IObit [2013/10/08 08:14:54 | 000,000,000 | ---D | M] -- C:\Users\TT\AppData\Roaming\Nuance [2013/10/08 07:19:39 | 000,000,000 | ---D | M] -- C:\Users\TT\AppData\Roaming\TeraCopy [2013/10/08 08:15:10 | 000,000,000 | ---D | M] -- C:\Users\TT\AppData\Roaming\Zeon [2014/01/13 08:57:49 | 000,000,000 | ---D | M] -- C:\Users\Work\AppData\Roaming\ControlCenter4 [2014/01/13 08:57:54 | 000,000,000 | ---D | M] -- C:\Users\Work\AppData\Roaming\IObit [2014/01/13 09:00:45 | 000,000,000 | ---D | M] -- C:\Users\Work\AppData\Roaming\SPSSInc ========== Purity Check ========== ========== Files - Unicode (All) ========== [2013/11/25 01:01:10 | 442,453,349 | ---- | M] ()(C:\Users\MT\Documents\SAINT☆YOUNG MEN THE MOVIEEiga Saint☆Oniisan映画 聖☆おにいさん 「聖☆おにいさん ネ申話 ?降臨前夜?」 (BD 1280x720 x264 AAC 中国語字幕).mp4) -- C:\Users\MT\Documents\SAINT☆YOUNG MEN THE MOVIEEiga Saint☆Oniisan映画 聖☆おにいさん 「聖☆おにいさん ネ申話 〜降臨前夜〜」 (BD 1280x720 x264 AAC 中国語字幕).mp4 [2013/11/25 00:55:17 | 442,453,349 | ---- | C] ()(C:\Users\MT\Documents\SAINT☆YOUNG MEN THE MOVIEEiga Saint☆Oniisan映画 聖☆おにいさん 「聖☆おにいさん ネ申話 ?降臨前夜?」 (BD 1280x720 x264 AAC 中国語字幕).mp4) -- C:\Users\MT\Documents\SAINT☆YOUNG MEN THE MOVIEEiga Saint☆Oniisan映画 聖☆おにいさん 「聖☆おにいさん ネ申話 〜降臨前夜〜」 (BD 1280x720 x264 AAC 中国語字幕).mp4 < End of report >
  12. IE is still redirecting to Yahoo with a check after the OTL run.
  13. All processes killed ========== OTL ========== HKU\S-1-5-21-825749163-974839105-3472330399-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\ascsurfingprotection@iobit.com\chrome\content folder moved successfully. C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\ascsurfingprotection@iobit.com\chrome folder moved successfully. C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\ascsurfingprotection@iobit.com folder moved successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ deleted successfully. C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll moved successfully. C:\Users\MT\AppData\Roaming\uTorrent\updates folder moved successfully. C:\Users\MT\AppData\Roaming\uTorrent\share folder moved successfully. C:\Users\MT\AppData\Roaming\uTorrent\ie folder moved successfully. C:\Users\MT\AppData\Roaming\uTorrent\dlimagecache folder moved successfully. C:\Users\MT\AppData\Roaming\uTorrent\apps folder moved successfully. C:\Users\MT\AppData\Roaming\uTorrent folder moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\MT\Desktop\Logs\cmd.bat deleted successfully. C:\Users\MT\Desktop\Logs\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: AdMin ->Temp folder emptied: 4786586 bytes ->Temporary Internet Files folder emptied: 64985118 bytes ->Flash cache emptied: 42424 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 57472 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: MT ->Temp folder emptied: 1115889 bytes ->Temporary Internet Files folder emptied: 12811254 bytes ->Java cache emptied: 42293 bytes ->FireFox cache emptied: 379222121 bytes ->Google Chrome cache emptied: 14044730 bytes ->Flash cache emptied: 73131 bytes User: Public User: TT ->Temp folder emptied: 595921 bytes ->Temporary Internet Files folder emptied: 128 bytes ->Java cache emptied: 49090 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 57983 bytes User: Work ->Temp folder emptied: 789390 bytes ->Temporary Internet Files folder emptied: 7198691 bytes ->Flash cache emptied: 57547 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 994314 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42240976 bytes RecycleBin emptied: 717109287 bytes Total Files Cleaned = 1,189.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 01242014_212814 Files\Folders moved on Reboot... C:\Users\MT\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\MT\AppData\Local\Temp\MMDUtl.log moved successfully. C:\Users\MT\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot. File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot...
  14. Extras.txt OTL Extras logfile created on: 1/22/2014 12:46:40 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MT\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16428) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.86 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 47.19% Memory free 9.63 Gb Paging File | 7.43 Gb Available in Paging File | 77.12% Paging File free Paging file location(s): c:\pagefile.sys 5920 5920 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 447.66 Gb Total Space | 336.28 Gb Free Space | 75.12% Space Free | Partition Type: NTFS Computer Name: ASPIRE5755-9401 | User Name: MT | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-825749163-974839105-3472330399-1004\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- C:\Program Files (x86)\File Type Helper\FileTypeHelper.exe "%1" Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- C:\Program Files (x86)\File Type Helper\FileTypeHelper.exe "%1" Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{27DBA220-9122-476B-B4AF-21BE0B96DE71}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe | "{4296F753-A53E-47FB-8CF8-2A187EA38CFA}" = rport=445 | protocol=6 | dir=out | app=system | "{527BF00E-F5C6-46B5-80AF-92FEF8750E58}" = rport=137 | protocol=17 | dir=out | app=system | "{618274DA-4BB2-47F3-B619-6E0E52467D0E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{61838BBC-7166-4F8B-8470-DE6075F63508}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{6A4D7EB5-2CB3-42E9-8541-9208C3911024}" = lport=137 | protocol=17 | dir=in | app=system | "{7514E482-B479-4D8F-B5DC-02E42D7AF6B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{76C7F152-A783-4288-B58C-51CA0F7FA246}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7D911053-BE63-41DE-AA19-1108DE01AC9B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{81AD360E-816B-4658-AEEA-DF62C013A4F2}" = rport=10243 | protocol=6 | dir=out | app=system | "{83651B15-88AE-4B56-9B7B-84FF10BDE76E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8879D10C-9206-464C-BDC0-63FF19A7E88B}" = rport=139 | protocol=6 | dir=out | app=system | "{9280B1D8-039A-4222-9A63-A59B3E42AEBA}" = lport=445 | protocol=6 | dir=in | app=system | "{96B8D625-EEB4-4C8D-B7FC-06CD7C5D4AA8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{A7C8B67A-674D-4557-804C-0B6A8CFED7D6}" = rport=138 | protocol=17 | dir=out | app=system | "{AB7276B5-355B-4AB8-A889-386DF9252B82}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B1FEA02E-AD54-488F-A4BD-12AD394B12DB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B91C8AEB-7497-457C-8545-E5F2348BEF37}" = lport=2869 | protocol=6 | dir=in | app=system | "{C375A13D-8311-4DD7-A567-5EC3D63D7918}" = lport=139 | protocol=6 | dir=in | app=system | "{C8BF8E3C-E25C-4502-AD93-D665A5596FD8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D3A6B657-3951-42FC-B594-44DA0392DA17}" = lport=138 | protocol=17 | dir=in | app=system | "{D8EC3F43-1FFB-46FD-A27D-0121BFBB3296}" = lport=10243 | protocol=6 | dir=in | app=system | "{D99A53DA-F2E3-4FB3-BC80-5529034C41A2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DD415292-6900-4A47-9E99-5B7FE54EBC71}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | "{F747A27D-6326-42C1-99C0-90E2890650D8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{15462950-B164-4CA2-86F9-DA0AA3B8DFCC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{164CCA09-39A4-4CF3-ABCA-E6AB9525FD4C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{1AEB288A-B780-4D0D-978F-4F358EA437C5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | "{1AF60F84-9B7C-4F89-9686-28D306BFA705}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1C0DBD59-D40C-45C0-97D2-F6AFF1CD28C0}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{1F3B538D-3D50-4D0C-BF9D-3499B9378E4A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | "{2097B56B-D93D-4FA0-98C9-275DCF51D798}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{23F15CB6-CB8B-4C6A-9A2F-20F0C18AE6F8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{27DC5022-FD18-4F2A-995B-DD43202CD9F1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{27DD7C63-441D-4429-A6B3-1FD98895A3DC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{287B5FE3-1602-4285-8BE4-2272F1FE022E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{29CA7291-B6A7-417C-B7DE-BE553E7E5D6E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | "{2E9880EB-5E74-45F0-9E30-4132C16E43C7}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | "{314716B8-122B-42BD-8E37-4E3BC117E97B}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe | "{3334006E-04B8-4A6E-8325-C2E64ABB3A9A}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{35FD00D7-4DC9-46EC-ACB9-C7991B0D490F}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe | "{3D9EB480-1D38-45F7-8B03-C26C73CEDD95}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{40D92468-0419-47C8-8B68-E3AB99F3F458}" = protocol=6 | dir=out | app=system | "{42B713FD-52EE-4DBF-B1A3-A4473D1951CC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4520CBB9-F5A9-4645-BDE9-A65C09CB6C20}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{505DB397-FE61-43D5-A2DF-7085BB4CF7BF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{53FBBF7D-95FF-4376-A7CB-E426483E9A3B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{577D64B1-C453-4575-92DA-0450B1BB5320}" = protocol=17 | dir=in | app=c:\users\mt\appdata\roaming\utorrent\utorrent.exe | "{6343150F-E36E-4D9A-B81B-6CC8849D99D9}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{7FDFFA98-1A35-4AC6-A538-843EF9E51980}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{867BE5DC-1FB1-4781-845F-62CE4A5C35B5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{882EE9C6-207F-40C8-8C0C-64F2A6AAD24A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{89AA6A7F-3857-4856-A86F-79C2A8C914D1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{904D29CE-0011-4E80-BA67-915D04BA9B03}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | "{9487C9C4-E1A1-4771-BF95-BE53CD992C85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{97F75185-3A84-459C-B07B-1CD257F576DB}" = protocol=6 | dir=in | app=c:\users\mt\appdata\roaming\utorrent\utorrent.exe | "{9A4FA2D5-48DB-45AA-A207-FB04B06033C6}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{9DFDDF22-FE30-4B87-93FF-3CD667F924DD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{A5884C01-683A-44D7-B254-77D1DF81A89F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{A5ABD09A-F2F5-4B32-B99D-CE6C3A25E2FF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{A7B4E5D0-4499-44D1-86BE-8B468AAEE276}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{A9F7607E-F604-4E07-A36F-1DEBDF58158E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AD639B34-4C96-40EB-B964-3497FB6AE893}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B01C1C90-2B56-484E-8442-D5109F0F8ACD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{B0B6CC60-6D34-4849-96EB-B8140C3C774B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{B0CD2A7D-0FA9-4E72-80ED-9D396E7B3F16}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{B76F1F44-3518-477F-A5AE-70E82A056E98}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "{BB07C6D4-2186-4250-8A93-D9787C775B02}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BF7A9A4B-37F6-446C-8478-62D2C62F404A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{BFB9ADC5-C3A1-4AFC-8E4D-7BCDCC154829}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C1CDAB75-77EC-4DD1-9B5E-29CEE7C2CE8A}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | "{C22FA43E-724D-47D5-A354-5D2A825DE658}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{C2B7D509-9402-41A9-9D48-4CD88E5A162D}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe | "{C304FB7A-3643-4075-9F4B-9492940EA5F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CB69EE29-55AC-49B2-A30B-D3AE7E1CDF28}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | "{CBB0B887-71B3-4BD7-8071-ACE025A2F98A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D0E826C7-AA0B-4459-B0B1-9765AC55C5FF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{DAB1E255-2EB7-4B42-948D-EA689E09CC58}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{DD24A5A9-0294-4661-A2CB-57411F537835}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | "{E0A69DFE-EC46-462D-9D7F-D43AB3C7C6DB}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "{E9DB3E1D-4219-4085-B8FC-8F08E62A5F0D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{EC08510F-5B03-4A41-B924-382732EA3E9B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F5B5107E-2777-444A-A028-B66189114C58}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{FEB9E829-D080-4138-B9E0-528D4573C320}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit) "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display "{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel® PROSet/Wireless WiFi Software "{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer "{5208CEC4-308D-44C0-BFEA-FE9D32B043F5}" = CypherGuard Browser for x64 "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013 "{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013 "{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013 "{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013 "{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013 "{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013 "{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English "{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français "{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español "{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013 "{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013 "{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013 "{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013 "{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013 "{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013 "{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013 "{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013 "{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013 "{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013 "{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013 "{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013 "{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013 "{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B220B4C6-869C-4081-AC6D-1A65FFCF874F}" = CypherGuard for Movie x64 Edition "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0 "{BB19952F-77FE-4877-A570-79C150EE6CE4}" = CypherGuard for PDF x64 Edition "{C624E231-8799-43A9-B8C5-FE3FDD2B318B}" = DLsite Viewer 64bit Edition "{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E11448F2-0B44-4239-B04E-D88FE743E929}" = Officejet J4500 Series "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-X64 8.0.6.3_WHQL "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Office15.PROPLUSR" = Microsoft Office Professional Plus 2013 "ProInst" = Intel PROSet Wireless "Shop for HP Supplies" = Shop for HP Supplies [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3 "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{104875A1-D083-4A34-BC4F-3F635B7F8EF7}" = IBM SPSS Statistics 22 "{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = clear.fi "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi "{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51 "{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus "{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33F7A957-A66D-45A1-BADF-6576083B14E2}" = RPGツクール2000 ランタイムパッケージ "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite DCP-7065DN "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer "{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11 "{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12 "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7682DFED-23C6-44C9-B9FD-109E0B630277}" = Secure Download Manager "{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel® WiDi "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi "{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2 "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BD7825E5-6B37-4514-B470-C9E5C9E05B89}_is1" = UVa Network Setup Tool version 2.1.0.0 "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E86B07AE-9F94-44D5-AD47-DC2716EA90D2}" = Secure Download Manager "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500 "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9 "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "Advanced SystemCare 7_is1" = Advanced SystemCare 7 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2013-10-17 "Driver Booster_is1" = Driver Booster "Identity Card" = Identity Card "ImgBurn" = ImgBurn "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam "InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi "InstallShield_{5208CEC4-308D-44C0-BFEA-FE9D32B043F5}" = CypherGuard Browser for x64 "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{B220B4C6-869C-4081-AC6D-1A65FFCF874F}" = CypherGuard for Movie x64 Edition "InstallShield_{BB19952F-77FE-4877-A570-79C150EE6CE4}" = CypherGuard for PDF x64 Edition "InstallShield_{C624E231-8799-43A9-B8C5-FE3FDD2B318B}" = DLsite Viewer 64bit Edition "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "IObit Malware Fighter_is1" = IObit Malware Fighter "IObit Surfing Protection_is1" = Surfing Protection "IObitUninstall" = IObit Uninstaller "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "NIS" = Norton Internet Security "ProInst" = Intel PROSet Wireless "Revo Uninstaller" = Revo Uninstaller 1.95 "Smart Defrag 2_is1" = Smart Defrag 2 "WildTangent acer Master Uninstall" = Acer Games "Winamp" = Winamp "WinCDEmu" = WinCDEmu "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 5.00 (32-bit) "WTA-0ffc9fa0-fbc2-464b-a6bb-f1e43d3be4a6" = Penguins! "WTA-1c5bb5fc-0928-422f-a4d5-d24444c34970" = Bejeweled 2 Deluxe "WTA-5d0c63a0-ef1d-4bd7-91ef-b3789c3a74a7" = FATE: The Cursed King "WTA-76c6c72d-70e0-474c-a7ba-342259050e1f" = Plants vs. Zombies - Game of the Year "WTA-7ebbfa45-efc5-4b21-a6b1-71c8a2e695db" = Torchlight "WTA-84f6763d-870d-4f78-94a6-60481fe04f58" = Build-a-lot 4 - Power Source "WTA-892d759d-bed4-4e11-88cb-13f70c1e8106" = Jewel Match 3 "WTA-8a42c684-e050-4dd7-8c7e-34bfbc19c209" = Zuma's Revenge "WTA-8d8c4623-9157-42b4-8dab-42bd7479bf4c" = Virtual Villagers 5 - New Believers "WTA-919fac9d-a111-46f8-b113-9edf165b3041" = Cradle of Rome 2 "WTA-9ac53bad-5b7a-4112-915d-4938ede47fde" = Agatha Christie - Death on the Nile "WTA-aa9f3e87-47e7-45b9-8fc9-0aea69610ff8" = Chronicles of Albian "WTA-ab14a37b-3ffd-45e4-8d7a-e98d4abe8739" = Governor of Poker 2 Premium Edition "WTA-bde235a6-dac3-4910-ba23-367eefb10d2a" = Chuzzle Deluxe "WTA-c37c081b-135d-4e0b-9e26-02b3816ae160" = Dora's World Adventure "WTA-c84ddb2b-3203-4b61-b270-0f8d6e280c53" = Mystery of Mortlake Mansion "WTA-cf2713c3-d71d-4625-88e4-decbfd25ff46" = Polar Golfer "WTA-dfb4cfa0-1b02-4261-93c5-9619074e4849" = Final Drive: Nitro "WTA-f459d33e-848f-41e0-aa29-f01a5207df3f" = Polar Bowler ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-825749163-974839105-3472330399-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon Kindle" = Amazon Kindle "UnityWebPlayer" = Unity Web Player "Winamp Detect" = Winamp Detector Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 1/20/2014 1:04:38 PM | Computer Name = Aspire5755-9401 | Source = WinMgmt | ID = 10 Description = Error - 1/22/2014 1:14:18 AM | Computer Name = Aspire5755-9401 | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 1/20/2014 1:15:57 PM | Computer Name = Aspire5755-9401 | Source = Service Control Manager | ID = 7034 Description = The LiveUpdate service terminated unexpectedly. It has done this 1 time(s). Error - 1/22/2014 1:12:23 AM | Computer Name = Aspire5755-9401 | Source = DCOM | ID = 10010 Description = Error - 1/22/2014 1:45:40 AM | Computer Name = Aspire5755-9401 | Source = Service Control Manager | ID = 7034 Description = The LiveUpdate service terminated unexpectedly. It has done this 1 time(s). < End of report >
  15. OTL.txt OTL logfile created on: 1/22/2014 12:46:39 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MT\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16428) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.86 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 47.19% Memory free 9.63 Gb Paging File | 7.43 Gb Available in Paging File | 77.12% Paging File free Paging file location(s): c:\pagefile.sys 5920 5920 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 447.66 Gb Total Space | 336.28 Gb Free Space | 75.12% Space Free | Partition Type: NTFS Computer Name: ASPIRE5755-9401 | User Name: MT | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014/01/21 21:06:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MT\Desktop\OTL.exe PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/12/13 17:44:36 | 001,573,184 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe PRC - [2013/12/09 15:02:00 | 002,285,344 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe PRC - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe PRC - [2013/12/03 16:10:24 | 000,775,968 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe PRC - [2013/11/11 17:19:48 | 000,341,824 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe PRC - [2012/09/23 19:43:40 | 000,040,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe PRC - [2012/04/24 13:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe PRC - [2012/04/05 14:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe PRC - [2011/11/29 18:16:12 | 000,109,984 | ---- | M] (CypherTec Inc.) -- C:\Program Files (x86)\Common Files\CypherTec\cgrdsrv32.exe PRC - [2011/06/30 21:51:14 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe PRC - [2011/06/30 21:51:14 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2011/06/30 21:51:12 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2011/06/30 21:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2011/05/29 21:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2011/05/20 13:13:06 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe PRC - [2011/05/20 13:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe PRC - [2011/05/09 20:41:56 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe PRC - [2011/04/30 02:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe PRC - [2011/04/23 20:28:38 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe PRC - [2011/04/20 16:58:02 | 001,204,224 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe PRC - [2011/04/20 16:53:10 | 000,335,872 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe PRC - [2011/02/01 16:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2011/02/01 16:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010/11/16 20:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010/09/30 05:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe PRC - [2010/06/10 12:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe PRC - [2010/03/08 23:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe PRC - [2010/03/08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe PRC - [2010/03/05 19:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe ========== Modules (No Company Name) ========== MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\madexcept_.bpl MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\maddisAsm_.bpl MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\madbasic_.bpl MOD - [2013/01/15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll MOD - [2011/05/20 13:13:04 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll MOD - [2011/05/20 13:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe MOD - [2011/04/23 20:29:56 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2012/04/05 14:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service) SRV:64bit: - [2011/11/29 18:48:06 | 000,131,000 | ---- | M] (CypherTec Inc.) [Auto | Running] -- C:\Program Files\Common Files\CypherTec\cthwsrv64.exe -- (CypherGuard Info Service) SRV:64bit: - [2011/11/29 18:26:28 | 000,127,416 | ---- | M] (CypherTec Inc.) [Auto | Running] -- C:\Program Files\Common Files\CypherTec\cgrdsrv64.exe -- (CypherGuard cguard Service 64bit Edition) SRV:64bit: - [2011/08/02 13:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV:64bit: - [2011/05/02 16:27:50 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2011/05/02 16:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2011/05/02 16:10:26 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2010/11/29 17:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/12/20 05:26:05 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/12/16 16:51:38 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7) SRV - [2013/12/03 16:10:24 | 002,151,200 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc) SRV - [2013/11/11 17:19:48 | 000,341,824 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice) SRV - [2013/10/26 01:12:32 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2013/10/07 14:19:22 | 000,240,736 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService) SRV - [2013/10/07 13:30:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS) SRV - [2012/04/24 13:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) SRV - [2011/11/29 18:16:12 | 000,109,984 | ---- | M] (CypherTec Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\CypherTec\cgrdsrv32.exe -- (CypherGuard cguard Service 32bit Edition) SRV - [2011/06/30 21:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2011/05/29 21:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2011/04/30 02:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2011/02/01 16:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011/02/01 16:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/09/30 05:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP) SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/11/13 13:23:49 | 000,435,512 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2013/10/26 01:12:26 | 005,361,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2013/10/09 09:16:27 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2013/10/08 10:43:55 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2013/05/23 00:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA) DRV:64bit: - [2013/05/22 17:49:32 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver) DRV:64bit: - [2013/05/21 00:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys -- (SymDS) DRV:64bit: - [2013/05/16 00:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP) DRV:64bit: - [2013/04/24 19:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys -- (SymNetS) DRV:64bit: - [2013/04/15 21:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS) DRV:64bit: - [2013/03/04 20:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2012/12/14 16:40:22 | 000,123,832 | ---- | M] (CypherTec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cymon.sys -- (Cymon) DRV:64bit: - [2012/09/06 20:48:08 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON) DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/07/14 00:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/07/14 00:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/06/21 17:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2011/06/21 17:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2011/06/19 09:35:09 | 000,196,704 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus) DRV:64bit: - [2011/05/16 16:57:32 | 000,051,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa) DRV:64bit: - [2011/05/06 12:11:12 | 000,086,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa) DRV:64bit: - [2011/05/01 16:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2011/04/26 13:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011/04/05 06:26:26 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2011/03/09 23:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2011/03/09 23:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2011/02/10 01:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011/02/10 01:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011/01/20 20:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp) DRV:64bit: - [2011/01/20 20:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd) DRV:64bit: - [2010/11/29 17:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/10/15 03:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010/03/19 05:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2014/01/20 18:45:57 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20140121.001\IDSviA64.sys -- (IDSVia64) DRV - [2013/12/29 13:04:58 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20140121.017\ex64.sys -- (NAVEX15) DRV - [2013/12/29 13:04:58 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20140121.017\eng64.sys -- (NAVENG) DRV - [2013/12/17 19:32:10 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20140110.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2013/11/21 00:07:51 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013/11/21 00:07:51 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013/11/19 16:10:34 | 000,034,848 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter) DRV - [2013/11/19 16:10:34 | 000,023,016 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter) DRV - [2013/03/23 15:48:48 | 000,023,048 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor) DRV - [2012/12/14 16:40:24 | 000,110,136 | ---- | M] (CypherTec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\cymon.sys -- (Cymon) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-18\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-825749163-974839105-3472330399-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.msn.com/ [binary data] IE - HKU\S-1-5-21-825749163-974839105-3472330399-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=198484&fr=spigot-yhp-ie IE - HKU\S-1-5-21-825749163-974839105-3472330399-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKU\S-1-5-21-825749163-974839105-3472330399-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKU\S-1-5-21-825749163-974839105-3472330399-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 5B 45 94 2D C4 CE 01 [binary data] IE - HKU\S-1-5-21-825749163-974839105-3472330399-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-825749163-974839105-3472330399-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFD_enUS557 IE - HKU\S-1-5-21-825749163-974839105-3472330399-1004\..\SearchScopes\{6B46B519-F692-44CD-A626-23B2D48A9F47}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms} IE - HKU\S-1-5-21-825749163-974839105-3472330399-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.selectedEngine: "Bing" FF - prefs.js..browser.startup.homepage: "msn.com" FF - prefs.js..extensions.enabledAddons: rikaichan-jpen%40polarcloud.com:2.01.130701 FF - prefs.js..extensions.enabledAddons: %7B0AA9101C-D3C1-4129-A9B7-D778C6A17F82%7D:2.07 FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1: C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\MT\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFF [2013/10/09 11:17:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\ [2014/01/22 00:15:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/10/10 15:55:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 22:59:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/10/10 15:55:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 22:59:14 | 000,000,000 | ---D | M] [2013/10/20 12:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MT\AppData\Roaming\Mozilla\Extensions [2014/01/16 12:09:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions [2013/10/20 13:05:13 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [2013/10/20 13:05:13 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2013/12/13 13:27:49 | 000,000,000 | ---D | M] (Ads Removal) -- C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\adsremoval@adsremoval.net [2014/01/04 19:12:50 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\ascsurfingprotection@iobit.com [2013/10/20 13:14:44 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\rikaichan-jpen@polarcloud.com [2014/01/16 12:09:38 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014/01/04 19:03:59 | 000,000,905 | ---- | M] () -- C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\searchplugins\yahoo_ff.xml [2013/12/20 05:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013/12/20 05:26:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013/11/15 03:32:00 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - Extension: Google Docs = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google Search = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Ads Removal = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\ CHR - Extension: avast! Online Security = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\ CHR - Extension: Skype Click to Call = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\ CHR - Extension: Norton Identity Protection = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.5.2_0\ CHR - Extension: Store = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\ CHR - Extension: Google Wallet = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\ CHR - Extension: Gmail = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit) O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll File not found O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll File not found O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O3:64bit: - HKU\S-1-5-21-825749163-974839105-3472330399-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-825749163-974839105-3472330399-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.) O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) O4 - HKLM..\Run: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [indexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [iObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-825749163-974839105-3472330399-1004..\Run: [Advanced SystemCare 7] C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe (IObit) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0BCF2FB-1545-4F42-9C6F-8160A8B30C5C}: DhcpNameServer = 75.75.75.75 75.75.76.76 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9B0643F-BDCE-4FE4-8860-BF102ADAAB91}: DhcpNameServer = 75.75.75.75 75.75.76.76 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6c7c70cb-545e-11e3-b0b5-b870f4ee7158}\Shell - "" = AutoRun O33 - MountPoints2\{6c7c70cb-545e-11e3-b0b5-b870f4ee7158}\Shell\AutoRun\command - "" = V:\setup.exe O33 - MountPoints2\{7a1d30ab-4118-11e3-8e84-b870f4ee7158}\Shell - "" = AutoRun O33 - MountPoints2\{7a1d30ab-4118-11e3-8e84-b870f4ee7158}\Shell\AutoRun\command - "" = V:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014/01/21 21:06:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MT\Desktop\OTL.exe [2014/01/21 20:50:15 | 000,000,000 | ---D | C] -- C:\Users\MT\Documents\Black Crusade [2014/01/20 10:50:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2014/01/20 10:49:05 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014/01/19 14:35:41 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\MT\Desktop\JRT.exe [2014/01/17 21:26:49 | 000,000,000 | ---D | C] -- C:\Users\MT\Desktop\NUIP [2014/01/17 19:36:22 | 000,000,000 | ---D | C] -- C:\Users\MT\AppData\Roaming\Unity [2014/01/15 14:02:04 | 000,000,000 | ---D | C] -- C:\Users\MT\AppData\Local\Unity [2014/01/15 11:03:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2014/01/13 09:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UVa Network Setup Tool [2014/01/13 09:08:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\University of Virginia [2014/01/08 09:05:25 | 000,000,000 | ---D | C] -- C:\Users\MT\Desktop\RJ126458 [2014/01/07 01:02:55 | 000,000,000 | ---D | C] -- C:\Users\MT\Documents\GuP Motto Love Love Sakusen Desu C08 [2014/01/05 10:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2014/01/04 19:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller [2014/01/04 19:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData [2014/01/04 19:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} [2014/01/04 19:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7 [2014/01/03 20:52:08 | 000,000,000 | ---D | C] -- C:\Users\MT\AppData\Roaming\SPSSInc [2014/01/03 20:51:18 | 000,000,000 | ---D | C] -- C:\Users\MT\.spss [2014/01/03 20:50:52 | 000,000,000 | ---D | C] -- C:\Users\MT\AppData\Local\javasharedresources [2014/01/03 19:34:29 | 000,000,000 | ---D | C] -- C:\Users\MT\Desktop\Job [2014/01/03 19:26:33 | 000,000,000 | ---D | C] -- C:\Users\MT\AppData\Local\IBM [2014/01/03 19:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SafeNet Sentinel [2014/01/03 19:26:17 | 000,000,000 | ---D | C] -- C:\Users\MT\Desktop\MedEssays [2014/01/03 19:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SPSS [2014/01/03 19:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics [2014/01/03 19:23:46 | 000,000,000 | ---D | C] -- C:\SysWOW64 [2014/01/03 19:23:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\IBM [2014/01/03 19:22:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IBM [2014/01/02 22:06:03 | 000,000,000 | ---D | C] -- C:\Users\MT\AppData\Roaming\e-academy Inc [2014/01/02 22:06:03 | 000,000,000 | ---D | C] -- C:\Users\MT\AppData\Local\e-academy Inc [2013/12/25 17:36:02 | 000,000,000 | ---D | C] -- C:\Users\MT\Desktop\Aoi Yuuki [2013/12/24 15:04:45 | 000,000,000 | ---D | C] -- C:\Users\MT\Desktop\Hana no Android Gakuen [2013/12/23 23:05:24 | 000,000,000 | ---D | C] -- C:\Users\MT\Desktop\KLK OST MP3 ========== Files - Modified Within 30 Days ========== [2014/01/22 00:45:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014/01/22 00:44:54 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\Driver Booster Update.job [2014/01/22 00:44:39 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014/01/22 00:21:49 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014/01/22 00:21:49 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014/01/22 00:18:39 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014/01/22 00:18:39 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014/01/22 00:18:39 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014/01/22 00:14:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/01/22 00:13:57 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys [2014/01/21 23:14:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014/01/21 21:06:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MT\Desktop\OTL.exe [2014/01/19 14:36:20 | 001,236,282 | ---- | M] () -- C:\Users\MT\Desktop\AdwCleaner.exe [2014/01/19 14:35:43 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\MT\Desktop\JRT.exe [2014/01/18 13:58:36 | 772,433,971 | ---- | M] () -- C:\Windows\MEMORY.DMP [2014/01/16 22:36:44 | 349,278,301 | ---- | M] () -- C:\Users\MT\Documents\[HorribleSubs] Kill la Kill - 14 [720p].mkv [2014/01/15 22:52:54 | 000,464,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014/01/15 11:04:24 | 000,003,719 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml [2014/01/14 15:19:37 | 318,472,067 | ---- | M] () -- C:\Users\MT\Documents\[FFF] Sekai Seifuku ~Bouryaku no Zvezda~ - 01 [043C6B38].mkv [2014/01/13 09:08:51 | 000,001,371 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CertChecker.lnk [2014/01/09 23:37:10 | 445,342,059 | ---- | M] () -- C:\Users\MT\Documents\[AOI] Kyousougiga Music Collection [flac+scans].zip [2014/01/09 23:36:01 | 181,547,899 | ---- | M] () -- C:\Users\MT\Documents\[AOI] Kyousougiga Music Collection [320k+scans].zip [2014/01/09 21:40:14 | 375,854,580 | ---- | M] () -- C:\Users\MT\Documents\[HorribleSubs] Kyousougiga - 10.5 [720p].mkv [2014/01/09 21:38:01 | 376,281,091 | ---- | M] () -- C:\Users\MT\Documents\[HorribleSubs] Kyousougiga - 10 [720p].mkv [2014/01/09 21:37:19 | 524,318,219 | ---- | M] () -- C:\Users\MT\Documents\[Commie] Kyousougiga - 09 [4D1C06C5].mkv [2014/01/09 14:59:08 | 348,459,256 | ---- | M] () -- C:\Users\MT\Documents\[HorribleSubs] Kill la Kill - 13 [720p].mkv [2014/01/07 21:06:09 | 432,938,492 | ---- | M] () -- C:\Users\MT\Documents\[Vivid] D-Frag! - 01 [F0D3C74F].mkv [2014/01/07 12:01:24 | 000,506,084 | ---- | M] () -- C:\Users\MT\Desktop\010.jpg [2014/01/04 19:19:53 | 000,011,054 | ---- | M] () -- C:\Users\MT\Documents\cc_20140104_191934.reg [2014/01/03 19:22:13 | 000,000,219 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.tgz [2014/01/03 19:22:13 | 000,000,205 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.dll [2014/01/03 19:22:13 | 000,000,016 | -H-- | M] () -- C:\Windows\SysWow64\servdat.slm [2014/01/03 19:22:12 | 000,001,025 | ---- | M] () -- C:\Windows\SysWow64\sysprs7.tgz [2014/01/03 19:22:12 | 000,001,025 | ---- | M] () -- C:\Windows\SysWow64\sysprs7.dll [2014/01/02 16:38:43 | 001,922,012 | ---- | M] () -- C:\Users\MT\Documents\Devil Vs Goddess (Pixiv 40638995) - Imgur.zip ========== Files Created - No Company Name ========== [2014/01/19 14:36:18 | 001,236,282 | ---- | C] () -- C:\Users\MT\Desktop\AdwCleaner.exe [2014/01/18 13:58:36 | 772,433,971 | ---- | C] () -- C:\Windows\MEMORY.DMP [2014/01/16 22:33:12 | 349,278,301 | ---- | C] () -- C:\Users\MT\Documents\[HorribleSubs] Kill la Kill - 14 [720p].mkv [2014/01/15 11:04:24 | 000,003,719 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml [2014/01/14 15:17:28 | 318,472,067 | ---- | C] () -- C:\Users\MT\Documents\[FFF] Sekai Seifuku ~Bouryaku no Zvezda~ - 01 [043C6B38].mkv [2014/01/13 09:08:51 | 000,001,371 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CertChecker.lnk [2014/01/09 23:31:36 | 445,342,059 | ---- | C] () -- C:\Users\MT\Documents\[AOI] Kyousougiga Music Collection [flac+scans].zip [2014/01/09 23:31:25 | 181,547,899 | ---- | C] () -- C:\Users\MT\Documents\[AOI] Kyousougiga Music Collection [320k+scans].zip [2014/01/09 21:34:20 | 375,854,580 | ---- | C] () -- C:\Users\MT\Documents\[HorribleSubs] Kyousougiga - 10.5 [720p].mkv [2014/01/09 21:32:47 | 376,281,091 | ---- | C] () -- C:\Users\MT\Documents\[HorribleSubs] Kyousougiga - 10 [720p].mkv [2014/01/09 21:32:42 | 524,318,219 | ---- | C] () -- C:\Users\MT\Documents\[Commie] Kyousougiga - 09 [4D1C06C5].mkv [2014/01/09 14:52:03 | 348,459,256 | ---- | C] () -- C:\Users\MT\Documents\[HorribleSubs] Kill la Kill - 13 [720p].mkv [2014/01/07 20:59:27 | 432,938,492 | ---- | C] () -- C:\Users\MT\Documents\[Vivid] D-Frag! - 01 [F0D3C74F].mkv [2014/01/07 12:01:24 | 000,506,084 | ---- | C] () -- C:\Users\MT\Desktop\010.jpg [2014/01/04 19:19:38 | 000,011,054 | ---- | C] () -- C:\Users\MT\Documents\cc_20140104_191934.reg [2014/01/03 19:22:12 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.tgz [2014/01/03 19:22:12 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2014/01/03 19:22:12 | 000,000,219 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.tgz [2014/01/03 19:22:12 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll [2014/01/03 19:22:12 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\servdat.slm [2014/01/02 16:38:51 | 001,922,012 | ---- | C] () -- C:\Users\MT\Documents\Devil Vs Goddess (Pixiv 40638995) - Imgur.zip [2013/10/31 23:23:55 | 000,087,040 | ---- | C] () -- C:\Windows\UnGins.exe [2013/10/26 01:12:31 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2013/10/26 01:12:25 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2013/10/26 01:12:24 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2013/10/10 15:48:49 | 000,210,391 | ---- | C] () -- C:\Windows\hpwins19.dat [2013/10/10 15:48:49 | 000,000,673 | ---- | C] () -- C:\Windows\hpwmdl19.dat [2013/10/08 08:03:00 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2013/10/08 08:02:49 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2014/01/13 08:56:20 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit [2014/01/13 08:56:20 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit [2013/10/08 08:45:34 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\ControlCenter4 [2013/10/26 01:07:03 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\CypherTec [2013/10/08 10:43:45 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\DAEMON Tools Lite [2013/10/26 01:36:16 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\DLsite [2014/01/02 22:06:03 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\e-academy Inc [2014/01/04 19:12:51 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\IObit [2013/10/08 11:23:43 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\Nuance [2013/10/23 20:26:32 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\PowerCinema [2014/01/03 20:52:08 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\SPSSInc [2013/10/10 08:08:31 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\Stardock [2014/01/17 19:36:22 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\Unity [2014/01/19 11:25:55 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\uTorrent [2013/10/09 08:57:50 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\WildTangent [2013/10/08 08:23:08 | 000,000,000 | ---D | M] -- C:\Users\TT\AppData\Roaming\ControlCenter4 [2013/10/09 20:11:04 | 000,000,000 | ---D | M] -- C:\Users\TT\AppData\Roaming\e-academy Inc [2013/10/17 20:37:49 | 000,000,000 | ---D | M] -- C:\Users\TT\AppData\Roaming\ImgBurn [2014/01/12 12:13:37 | 000,000,000 | ---D | M] -- C:\Users\TT\AppData\Roaming\IObit [2013/10/08 08:14:54 | 000,000,000 | ---D | M] -- C:\Users\TT\AppData\Roaming\Nuance [2013/10/08 07:19:39 | 000,000,000 | ---D | M] -- C:\Users\TT\AppData\Roaming\TeraCopy [2013/10/08 08:15:10 | 000,000,000 | ---D | M] -- C:\Users\TT\AppData\Roaming\Zeon [2014/01/13 08:57:49 | 000,000,000 | ---D | M] -- C:\Users\Work\AppData\Roaming\ControlCenter4 [2014/01/13 08:57:54 | 000,000,000 | ---D | M] -- C:\Users\Work\AppData\Roaming\IObit [2014/01/13 09:00:45 | 000,000,000 | ---D | M] -- C:\Users\Work\AppData\Roaming\SPSSInc ========== Purity Check ========== ========== Files - Unicode (All) ========== [2013/11/25 01:01:10 | 442,453,349 | ---- | M] ()(C:\Users\MT\Documents\SAINT☆YOUNG MEN THE MOVIEEiga Saint☆Oniisan映画 聖☆おにいさん 「聖☆おにいさん ネ申話 ?降臨前夜?」 (BD 1280x720 x264 AAC 中国語字幕).mp4) -- C:\Users\MT\Documents\SAINT☆YOUNG MEN THE MOVIEEiga Saint☆Oniisan映画 聖☆おにいさん 「聖☆おにいさん ネ申話 〜降臨前夜〜」 (BD 1280x720 x264 AAC 中国語字幕).mp4 [2013/11/25 00:55:17 | 442,453,349 | ---- | C] ()(C:\Users\MT\Documents\SAINT☆YOUNG MEN THE MOVIEEiga Saint☆Oniisan映画 聖☆おにいさん 「聖☆おにいさん ネ申話 ?降臨前夜?」 (BD 1280x720 x264 AAC 中国語字幕).mp4) -- C:\Users\MT\Documents\SAINT☆YOUNG MEN THE MOVIEEiga Saint☆Oniisan映画 聖☆おにいさん 「聖☆おにいさん ネ申話 〜降臨前夜〜」 (BD 1280x720 x264 AAC 中国語字幕).mp4 < End of report >
  16. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.0 (01.07.2014:1) OS: Windows 7 Home Premium x64 Ran by MT on 01/20/2014 Mon at 11:13:25.45 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted: [File] C:\Users\MT\AppData\Roaming\mozilla\firefox\profiles\ezz5bz6n.default\user.js Emptied folder: C:\Users\MT\AppData\Roaming\mozilla\firefox\profiles\ezz5bz6n.default\minidumps [4 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 01/20/2014 Mon at 11:48:07.41 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v3.017 - Report created 20/01/2014 at 12:03:06 # Updated 12/01/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : MT - ASPIRE5755-9401 # Running from : C:\Users\MT\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\AdMin\AppData\LocalLow\Fast Free Converter Folder Deleted : C:\Users\TT\AppData\LocalLow\Fast Free Converter Folder Deleted : C:\Users\MT\AppData\Local\PackageAware File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\Software\Fast Free Converter ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Mozilla Firefox v26.0 (en-US) [ File : C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\prefs.js ] -\\ Google Chrome v [ File : C:\Users\TT\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ File : C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [2256 octets] - [20/01/2014 11:56:06] AdwCleaner[s0].txt - [2205 octets] - [20/01/2014 12:03:06] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2265 octets] ########## Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.01.20.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 MT :: ASPIRE5755-9401 [administrator] 1/20/2014 12:17:22 PM mbam-log-2014-01-20 (12-17-22).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 284800 Time elapsed: 8 minute(s), 44 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) --------------------------------------------------------------------------------------------- Thank you for telling me about the multiple antivirus problem! After running these scans, the Yahoo/Spigot redirect is still there on IE, so they couldn't fix anything yet.
  17. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.51.2 Run by MT at 11:30:08 on 2014-01-19 Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.3948.835 [GMT -5:00] . AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D} SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\CypherTec\cgrdsrv32.exe C:\Program Files\Common Files\CypherTec\cgrdsrv64.exe C:\Program Files\Common Files\CypherTec\cthwsrv64.exe C:\Program Files (x86)\Launch Manager\dsiwmis.exe C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe C:\Program Files (x86)\Launch Manager\LMutilps32.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Acer\Registration\GREGsvc.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files\Acer\Acer Updater\UpdaterService.exe C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\igfxext.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe C:\Program Files\Elantech\ETDCtrlHelper.exe C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Dolby PCEE4\pcee4.exe C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe C:\Program Files (x86)\Launch Manager\LMworker.exe C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe C:\Program Files (x86)\Browny02\BrYNSvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe, BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto mRun: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" mRun: [indexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun: [NWEReboot] <no file> dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CERTCH~1.LNK - C:\Program Files (x86)\University of Virginia\UVa Network Setup Tool\CertChecker.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000 IE: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . TCP: NameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{B0BCF2FB-1545-4F42-9C6F-8160A8B30C5C} : DHCPNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{F9B0643F-BDCE-4FE4-8860-BF102ADAAB91} : DHCPNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{F9B0643F-BDCE-4FE4-8860-BF102ADAAB91}\7556C636F6D656F547F6F5556516F575962756C6563737 : DHCPNameServer = 128.143.2.7 128.143.3.7 128.143.22.119 TCP: Interfaces\{F9B0643F-BDCE-4FE4-8860-BF102ADAAB91}\D416E6A657372796 : DHCPNameServer = 8.8.8.8 8.8.4.4 68.105.28.11 Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\MicroSoft Office\Office15\OCHelper.dll x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\MicroSoft Office\Office15\URLREDIR.DLL x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\MicroSoft Office\Office15\GROOVEEX.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe x64-Run: [igfxTray] "C:\Windows\System32\igfxtray.exe" x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe" x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe" x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\MicroSoft Office\Office15\ONBttnIE.dll x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\MicroSoft Office\Office15\OCHelper.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\MicroSoft Office\Office15\ONBttnIELinkedNotes.dll x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\MicroSoft Office\Office15\MSOSB.DLL x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - msn.com FF - plugin: C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Winamp Detect\npwachk.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\MT\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll FF - ExtSQL: 2013-12-21 15:04; adsremoval@adsremoval.net; C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\adsremoval@adsremoval.net FF - ExtSQL: 2014-01-04 13:53; iobitapps@mybrowserbar.com; C:\Program Files (x86)\IObit Apps Toolbar\FF FF - ExtSQL: 2014-01-04 14:12; ascsurfingprotection@iobit.com; C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\ascsurfingprotection@iobit.com FF - ExtSQL: !HIDDEN! 2013-10-10 16:55; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . ---- FIREFOX POLICIES ---- FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: browser.turbo.enabled - true FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.chrome.favicons - false FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: content.notify.ontimer - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.switch.threshold - 750000 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 . ============= SERVICES / DRIVERS =============== . R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-10-20 65776] R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-10-20 207904] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-10-7 55856] R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-10-26 17720] R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys [2013-10-9 493656] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys [2013-10-9 1139800] R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-10-20 1034464] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-10-20 422216] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20140110.001\BHDrvx64.sys [2014-1-13 1526488] R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys [2013-10-9 169048] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20140117.001\IDSviA64.sys [2014-1-17 521944] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys [2013-10-9 224416] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-10-9 433752] R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408] R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2014-1-4 881440] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-10-20 78648] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-4 50344] R2 Cymon;Cymon;C:\Windows\System32\drivers\cymon.sys [2012-12-14 123832] R2 CypherGuard cguard Service 32bit Edition;CypherGuard cguard Service 32bit Edition;C:\Program Files (x86)\Common Files\CypherTec\cgrdsrv32.exe [2011-11-29 109984] R2 CypherGuard cguard Service 64bit Edition;CypherGuard cguard Service 64bit Edition;C:\Program Files\Common Files\CypherTec\cgrdsrv64.exe [2011-11-29 127416] R2 CypherGuard Info Service;CypherGuard Info Service;C:\Program Files\Common Files\CypherTec\cthwsrv64.exe [2011-11-29 131000] R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-8-12 353360] R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2013-10-7 872552] R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-12 13592] R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-10-26 341824] R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-8-12 255376] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-10-9 144368] R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-23 256832] R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-8 144672] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-10-7 2656280] R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-4 79672] R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-1-20 67624] R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-1-20 19496] R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\Windows\System32\drivers\BazisVirtualCDBus.sys [2011-6-4 196704] R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-10-8 245760] R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-5-16 51240] R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2011-5-6 86056] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-22 137648] R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-8-12 142632] R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-10-26 23048] R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-10-26 169752] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-12 317440] R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-6-21 25496] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2013-11-13 435512] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760] R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-10-26 34848] R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-10-26 23016] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-1-4 2151200] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680] S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-10-7 240736] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616] S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-6-21 34200] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-7 19456] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-10-7 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-10-7 30208] S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-7 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2014-01-18 00:36:22 -------- d-----w- C:\Users\MT\AppData\Roaming\Unity 2014-01-15 19:02:04 -------- d-----w- C:\Users\MT\AppData\Local\Unity 2014-01-15 16:03:56 -------- d--h--w- C:\ProgramData\Common Files 2014-01-15 15:00:54 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2014-01-15 10:14:39 376768 ----a-w- C:\Windows\System32\drivers\netio.sys 2014-01-15 10:14:38 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys 2014-01-15 10:14:38 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys 2014-01-15 10:14:38 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2014-01-15 10:14:38 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys 2014-01-15 10:14:38 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys 2014-01-15 10:14:38 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys 2014-01-15 10:14:37 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys 2014-01-15 10:14:37 3156480 ----a-w- C:\Windows\System32\win32k.sys 2014-01-13 14:08:50 -------- d-----w- C:\Program Files (x86)\University of Virginia 2014-01-05 15:46:36 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe 2014-01-05 00:12:35 -------- d-----w- C:\ProgramData\ProductData 2014-01-05 00:12:34 -------- d-----w- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} 2014-01-05 00:03:58 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot 2014-01-04 16:59:13 79672 ----a-w- C:\Windows\System32\drivers\aswstm.sys 2014-01-04 01:52:08 -------- d-----w- C:\Users\MT\AppData\Roaming\SPSSInc 2014-01-04 01:51:18 -------- d-----w- C:\Users\MT\.spss 2014-01-04 01:50:52 -------- d-----w- C:\Users\MT\AppData\Local\javasharedresources 2014-01-04 00:26:33 -------- d-----w- C:\Users\MT\AppData\Local\IBM 2014-01-04 00:26:25 -------- d-----w- C:\ProgramData\SafeNet Sentinel 2014-01-04 00:24:51 -------- d-----w- C:\ProgramData\SPSS 2014-01-04 00:23:46 -------- d-----w- C:\SysWOW64 2014-01-04 00:23:44 -------- d-----w- C:\Program Files (x86)\Common Files\IBM 2014-01-04 00:22:32 -------- d-----w- C:\Program Files (x86)\IBM 2014-01-04 00:22:12 205 ----a-w- C:\Windows\SysWow64\lsprst7.dll 2014-01-04 00:22:12 1025 ----a-w- C:\Windows\SysWow64\sysprs7.dll 2014-01-03 03:06:03 -------- d-----w- C:\Users\MT\AppData\Roaming\e-academy Inc 2014-01-03 03:06:03 -------- d-----w- C:\Users\MT\AppData\Local\e-academy Inc 2013-12-21 06:04:22 225656 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll . ==================== Find3M ==================== . 2014-01-04 16:58:47 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys 2014-01-04 16:58:46 1034464 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2014-01-04 16:58:45 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2014-01-04 16:58:43 43152 ----a-w- C:\Windows\avastSS.scr 2013-12-16 21:51:37 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-12-16 21:51:37 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb 2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll 2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll 2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll 2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe 2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll 2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll 2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll 2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll 2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll 2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll 2013-11-13 18:23:49 435512 ----a-w- C:\Windows\System32\drivers\k57nd60a.sys 2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll 2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll 2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll . ============= FINISH: 11:30:49.92 =============== ----------------------------------------------------------------------------------------------------------------------------------------------------- . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 10/7/2013 1:19:58 PM System Uptime: 1/18/2014 1:58:14 PM (22 hours ago) . Motherboard: Acer | | JV51_HR Processor: Intel® Core i7-2670QM CPU @ 2.20GHz | CPU1 | 2201/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 448 GiB total, 338.462 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP65: 1/11/2014 5:10:51 AM - Scheduled Checkpoint RP66: 1/15/2014 9:59:40 AM - Installed Java 7 Update 51 RP67: 1/15/2014 10:03:27 PM - Windows Update . ==== Installed Programs ====================== . 4500_Help 64 Bit HP CIO Components Installer 7-Zip 9.20 (x64 edition) Acer Backup Manager Acer Crystal Eye Webcam Acer ePower Management Acer eRecovery Management Acer Games Acer Registration Acer ScreenSaver Acer Updater Adobe AIR Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop Elements 9 Adobe Reader XI (11.0.06) Adobe Shockwave Player 12.0 Advanced SystemCare 7 Agatha Christie - Death on the Nile Amazon Kindle avast! Free Antivirus Backup Manager V3 Bejeweled 2 Deluxe bpd_scan BPDSoftware BPDSoftware_Ini Broadcom Card Reader Driver Installer Broadcom NetLink Controller Brother MFL-Pro Suite DCP-7065DN BufferChm Build-a-lot 4 - Power Source CCleaner Chronicles of Albian Chuzzle Deluxe clear.fi clear.fi Client Combined Community Codec Pack 2013-10-17 Cradle of Rome 2 CypherGuard Browser for x64 CypherGuard for Movie x64 Edition CypherGuard for PDF x64 Edition D3DX10 Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition Destinations DeviceDiscovery DLsite Viewer 64bit Edition DocMgr DocProc Dolby Advanced Audio v2 Dora's World Adventure Driver Booster Elements 9 Organizer Elements STI Installer ETDWare PS/2-X64 8.0.6.3_WHQL FATE: The Cursed King Fax Final Drive: Nitro Galerie de photos Windows Live Google Toolbar for Internet Explorer Google Update Helper Governor of Poker 2 Premium Edition GPBaseService2 HP Document Manager 2.0 HP Imaging Device Functions 13.0 HP Photosmart Essential 3.5 HP Smart Web Printing 4.51 HP Solution Center 13.0 HP Update HPPhotoSmartDiscLabelContent1 HPPhotosmartEssential HPProductAssistant HPSSupply IBM SPSS Statistics 22 Identity Card ImgBurn Intel PROSet Wireless Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Intel® PROSet/Wireless WiFi Software Intel® Rapid Storage Technology Intel® Turbo Boost Technology Monitor 2.0 Intel® WiDi Intel® Wireless Display IObit Malware Fighter IObit Uninstaller J4500 Java 7 Update 45 (64-bit) Java 7 Update 51 Java Auto Updater Jewel Match 3 Junk Mail filter update Launch Manager Malwarebytes Anti-Malware version 1.75.0.1300 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Access MUI (English) 2013 Microsoft Access Setup Metadata MUI (English) 2013 Microsoft Application Error Reporting Microsoft DCF MUI (English) 2013 Microsoft Excel MUI (English) 2013 Microsoft Groove MUI (English) 2013 Microsoft InfoPath MUI (English) 2013 Microsoft Lync MUI (English) 2013 Microsoft Office 32-bit Components 2013 Microsoft Office File Validation Add-In Microsoft Office OSM MUI (English) 2013 Microsoft Office OSM UX MUI (English) 2013 Microsoft Office Professional Plus 2013 Microsoft Office Proofing (English) 2013 Microsoft Office Proofing Tools 2013 - English Microsoft Office Proofing Tools 2013 - Espanol Microsoft Office Shared 32-bit MUI (English) 2013 Microsoft Office Shared MUI (English) 2013 Microsoft Office Shared Setup Metadata MUI (English) 2013 Microsoft OneNote MUI (English) 2013 Microsoft Outlook MUI (English) 2013 Microsoft PowerPoint MUI (English) 2013 Microsoft Publisher MUI (English) 2013 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Word MUI (English) 2013 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_CRT_x86 Mozilla Firefox 26.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2758694) Mystery of Mortlake Mansion Norton Internet Security NTI Media Maker 9 Nuance PaperPort 12 Nuance PDF Viewer Plus OCR Software by I.R.I.S. 13.0 Officejet J4500 Series Outils de verification linguistique 2013 de Microsoft Office?- Francais PaperPort Image Printer 64-bit Penguins! Plants vs. Zombies - Game of the Year Polar Bowler Polar Golfer ProductContext Realtek High Definition Audio Driver Renesas Electronics USB 3.0 Host Controller Driver Revo Uninstaller 1.95 RPGツクール2000 ランタイムパッケージ Scan Scansoft PDF Professional Secure Download Manager Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft Excel 2013 (KB2827238) 64-Bit Edition Security Update for Microsoft Lync 2013 (KB2850057) 64-Bit Edition Security Update for Microsoft Office 2013 (KB2768005) 64-Bit Edition Security Update for Microsoft Office 2013 (KB2810009) 64-Bit Edition Security Update for Microsoft Office 2013 (KB2850064) 64-Bit Edition Security Update for Microsoft Word 2013 (KB2827224) 64-Bit Edition Security Update for Microsoft Word 2013 (KB2863834) 64-Bit Edition Shop for HP Supplies Skype Click to Call Skype? 6.11 Smart Defrag 2 SmartWebPrinting SolutionCenter Status Surfing Protection swMSM Toolbox Torchlight TrayApp Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition Update for Microsoft Access 2013 (KB2827233) 64-Bit Edition Update for Microsoft InfoPath 2013 (KB2837648) 64-Bit Edition Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition Update for Microsoft Office 2013 (KB2826004) 64-Bit Edition Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition Update for Microsoft Office 2013 (KB2837626) 64-Bit Edition Update for Microsoft Office 2013 (KB2837637) 64-Bit Edition Update for Microsoft Office 2013 (KB2837638) 64-Bit Edition Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition Update for Microsoft Outlook 2013 (KB2850061) 64-Bit Edition Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition Update for Microsoft Visio 2013 (KB2817306) 64-Bit Edition Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition Update Installer for WildTangent Games App UVa Network Setup Tool version 2.1.0.0 Virtual Villagers 5 - New Believers WebReg Welcome Center WildTangent Games App Winamp Winamp Detector Plug-in WinCDEmu Windows Live Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 5.00 (32-bit) Zuma's Revenge . ==== Event Viewer Messages From Past Week ======== . 1/18/2014 5:04:42 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period. 1/18/2014 2:21:01 PM, Error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s). 1/18/2014 1:59:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000000000008, 0x0000000000000002, 0x0000000000000000, 0xfffff88001c25a1d). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011814-48750-01. 1/14/2014 10:20:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service. 1/12/2014 9:41:15 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 1/12/2014 12:22:51 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started. 1/12/2014 12:22:50 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress. 1/12/2014 12:22:48 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147024846. 1/12/2014 12:22:48 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80070032. 1/12/2014 12:21:40 PM, Error: Service Control Manager [7023] - The IPsec Policy Agent service terminated with the following error: The authentication service is unknown. . ==== End Of File ===========================
  18. Oh dear, I'm sorry. I attached them instead of copypasting.
  19. Thank you for the quick response! Here are the logs. dds.txt attach.txt
  20. Hi, Sorry to bother you all. I was stupid. In an effort to clean up my computer, my father recommended Advanced System Care. However, I was incredibly stupid: when installing it, I was going too fast through the Installation and accidentally installed Spigot and its related malware. Now Chrome and IE have annoying and downright scary Yahoo homepage redirects I can't get rid of even after uninstalling Spigot via Uninstall Programs. Firefox doesn't redirect, but sadly also has developed a problem where a lot of the websites I used to go to never completely finish loading. MalwareBytes, Norton, and Avast (Full and Boot scans) don't detect anything. Please help me remove all traces of Spigot and this terrible malware (why isn't this sort of thing illegal after I've already gone through the process of uninstallation?). I am using Windows 7. I'm not very experienced with this, so please have patience with me and talk to me as step-by-step as you can. For any help, thank you in advance.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.