Copies of files from scan. Thanks for any and all help.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16537
Run by User at 14:51:46 on 2014-03-06
Microsoft Windows 8 Pro  6.2.9200.0.1252.1.1033.18.3496.1534 [GMT 5.75:45]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\dashost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\PROLiNK\PROLiNK WN2001\RtlService.exe
C:\Program Files\PROLiNK\PROLiNK WN2001\RtWlan.exe
C:\Program Files\StrongVPN\StrongService.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\SmarThru Office\BackUpSvr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\DllHost.exe
C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\OutlookTodoistADX\Todoist.Helper.exe
C:\Program Files\OutlookTodoistADX\Todoist.Helper.exe
C:\Program Files\OutlookTodoistADX\Todoist.Helper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
C:\Program Files\Common Files\Intuit\DataProtect\IBuEngHost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - c:\program files\evernote\evernote\EvernoteIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - c:\program files\logitech\setpointp\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office 15\root\office15\URLREDIR.DLL
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [skyDrive] "c:\users\user\appdata\local\microsoft\skydrive\SkyDrive.exe" /background
uRun: [Akamai NetSession Interface] "c:\users\user\appdata\local\akamai\netsession_win.exe"
uRun: [Viber] "c:\users\user\appdata\local\viber\Viber.exe" StartMinimized
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [strongVPN Client] "c:\program files\strongvpn\StrongDial.exe" --silent
uRun: [Wunderlist] "c:\program files\wunderlist2\Wunderlist.exe" /silent
uRun: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] "c:\users\user\appdata\local\google\chrome\application\chrome.exe" --no-startup-window
uRun: [smileboxTray] "c:\users\user\appdata\roaming\smilebox\SmileboxTray.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [samsung PanelMgr] c:\windows\samsung\panelmgr\ssmmgr.exe /autorun
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sTO Backup Service] c:\program files\smarthru office\BackUpSvr.exe
mRun: [sTO Launcher Service] c:\program files\smarthru office\LegacyLauncher.exe /autorun
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [AndroidSync] c:\program files\android-sync\AndroidSync.exe -m
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\user\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\common files\logishrd\ereg\setpoint\eReg.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2013\QBW32.EXE
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip Image - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=4
IE: Clip selection - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=3
IE: Clip this page - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=1
IE: Clip URL - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\program files\microsoft office 15\root\office15\EXCEL.EXE/3000
IE: New Note - c:\program files\evernote\evernote\\evernoteieres\NewNote.html
IE: Se&nd to OneNote - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\\evernoteieres\AddNote.html
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3F1AD4C4-8894-4056-B7D0-B07B895169F2} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{88A2F5C4-2E39-4339-8CE6-5C85BB19BDC5} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{88A2F5C4-2E39-4339-8CE6-5C85BB19BDC5}\34572796C6F6 : DHCPNameServer = 192.168.0.1
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - c:\program files\intuit\quickbooks 2013\HelpAsyncPluggableProtocol.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office 15\root\office15\MSOSB.DLL
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WebCheck - <orphaned>
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "c:\windows\system32\rundll32.exe" "c:\program files\adobe\reader 11.0\esl\AiodLite.dll",CreateReaderUserSettings
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\vj87iu34.default\
FF - prefs.js: browser.startup.homepage - https//google.com/
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\microsoft office 15\root\office15\NPSPWRAP.DLL
FF - plugin: c:\users\user\appdata\local\google\update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_44.dll
FF - ExtSQL: 2014-02-27 16:51; jid1-bKSXgRwy1UQeRA@jetpack; c:\users\user\appdata\roaming\mozilla\firefox\profiles\vj87iu34.default\extensions\jid1-bKSXgRwy1UQeRA@jetpack.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 MpKslf885f916;MpKslf885f916;c:\programdata\microsoft\windows defender\definition updates\{49d939ce-59c5-4fcf-a1bc-496a07a906a5}\MpKslf885f916.sys [2014-3-6 39464]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files\adobe\elements 11 organizer\PhotoshopElementsFileAgent.exe [2012-9-23 171600]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-1-3 1363616]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-1-3 1748640]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-3-4 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-3-4 701512]
R2 OfficeSvc;Microsoft Office Service;c:\program files\microsoft office 15\clientx86\integratedoffice.exe [2013-8-3 1320120]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2013-6-19 1248256]
R2 Realtek11nSU;Realtek11nSU;c:\program files\prolink\prolink wn2001\RtlService.exe [2013-8-3 36864]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [2009-8-14 5120]
R2 StrongVPN Service;StrongVPN Service;c:\program files\strongvpn\StrongService.exe [2013-12-11 97264]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2013-1-3 44296]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2013-1-3 12808]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-3-4 22856]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2010-10-20 41088]
R3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\drivers\Rt630x86.sys [2012-7-26 495104]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2012-5-23 603280]
R3 tapstrong;StrongVPN Adapter;c:\windows\system32\drivers\tapstrong.sys [2013-12-11 32872]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2014-1-17 32064]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2014-1-17 136904]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2014-1-17 17864]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2014-1-17 153672]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2014-1-17 130248]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\drivers\WUDFRd.sys [2012-7-26 155136]
SUnknown MpKsle9fe446c;MpKsle9fe446c; [x]
.
=============== Created Last 30 ================
.
2014-03-06 09:00:51    39464    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{49d939ce-59c5-4fcf-a1bc-496a07a906a5}\MpKslf885f916.sys
2014-03-05 21:29:15    62576    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{49d939ce-59c5-4fcf-a1bc-496a07a906a5}\offreg.dll
2014-03-05 21:15:03    7947048    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{49d939ce-59c5-4fcf-a1bc-496a07a906a5}\mpengine.dll
2014-03-05 20:59:04    252080    ----a-w-    c:\programdata\microsoft\windows\sqm\manifest\Sqm10235.bin
2014-03-05 10:20:18    7760024    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2014-03-04 13:51:48    --------    d-----w-    c:\program files\Vuze
2014-03-04 12:41:47    --------    d-----w-    C:\AdwCleaner
2014-03-04 02:10:13    --------    d-----w-    c:\users\user\appdata\roaming\Malwarebytes
2014-03-04 02:10:04    --------    d-----w-    c:\programdata\Malwarebytes
2014-03-04 02:10:03    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-03-04 02:10:03    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2014-02-27 11:06:50    --------    d-----w-    c:\users\user\appdata\roaming\trustedshopper
2014-02-27 11:06:50    --------    d-----w-    c:\users\user\appdata\local\UpdateChecker
2014-02-27 05:58:22    --------    d-----w-    c:\users\user\appdata\local\Microsoft_Corporation
2014-02-27 05:54:11    --------    d-----w-    c:\program files\OutlookTodoistADX
2014-02-26 10:46:41    --------    d-----w-    c:\program files\MSECache
2014-02-25 06:29:27    --------    d-----w-    c:\users\user\appdata\roaming\01 Transaction Pro Importer 5.0
2014-02-25 06:29:27    --------    d-----w-    c:\programdata\Synergration
2014-02-25 06:29:27    --------    d-----w-    c:\programdata\01 Transaction Pro Importer 5.0
2014-02-25 06:28:28    159509    ----a-w-    c:\windows\01 Transaction Pro Importer 5.0 Uninstaller.exe
2014-02-25 06:28:25    --------    d-----w-    c:\program files\01 Transaction Pro Importer 5.0
2014-02-20 06:08:39    --------    d-----w-    c:\programdata\Microsoft OneDrive
2014-02-06 05:26:48    --------    d-----w-    C:\output
.
==================== Find3M  ====================
.
2014-01-19 07:32:23    231584    ------w-    c:\windows\system32\MpSigStub.exe
2014-01-09 16:44:11    5705728    ----a-w-    c:\windows\system32\CoreObjX62.dll
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.2.9200 Disk: WDC_WD5000AAKX-75U6AA0 rev.19.01H19 -> Harddisk0\DR0 -> \Device\00000045
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys storahci.sys
1 nt!IofCallDriver[0x81C84FF3] -> \Device\Harddisk0\DR0[0x864592F0]
3 CLASSPNP[0x8C54E0A0] -> nt!IofCallDriver[0x81C84FF3] -> [0x85AC5020]
5 ACPI[0x808B249A] -> nt!IofCallDriver[0x81C84FF3] -> \Device\0000003a[0x85B0CB48]
kernel: MBR read successfully
_asm { ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL; ADD [bX+SI], AL;  }
user != kernel MBR !!!
error: Read  The parameter is incorrect.
.
============= FINISH: 14:51:52.01 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 8/3/2013 2:06:21 AM
System Uptime: 3/5/2014 5:57:23 PM (21 hours ago)
.
Motherboard: Dell Inc. |  | 042P49
Processor: Intel® Core i5-3470 CPU @ 3.20GHz | CPU 1 | 3201/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 232 GiB total, 52.333 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 205.603 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 7 GiB total, 7.451 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP32: 2/13/2014 3:20:08 AM - Scheduled Checkpoint
RP33: 2/20/2014 7:58:14 AM - Scheduled Checkpoint
RP34: 2/26/2014 4:32:01 PM - Installed Microsoft Access database engine 2010 (English)
RP35: 2/28/2014 12:42:11 PM - Removed TrustedShopper
.
==== Installed Programs ======================
.
01 Transaction Pro Importer 5.0
Adobe Acrobat  9 Standard - English, Français, Deutsch
Adobe Flash Player 12 Plugin
Adobe Photoshop CS
Adobe Photoshop Elements 11
Adobe Reader XI (11.0.03)
Akamai NetSession Interface
Amazon Kindle
Android-Sync version v1.111
AudibleManager
Caesium version 1.6.1
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.10
Canon Utilities EOS Sample Music
Canon Utilities EOS Utility
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
Canon Utilities Movie Uploader for YouTube
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Dropbox
Elements 11 Organizer
eReg
Evernote v. 5.0.3
FormatFactory 3.2.1.0
Gone Home
Google Chrome
HandBrake 0.9.9.1
Inkscape 0.48.4
Intel® Processor Graphics
Logitech SetPoint 6.52
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Access database engine 2010 (English)
Microsoft Office 365 Home Premium - en-us
Microsoft OneDrive
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
OutlookTodoistADX
Paint.NET v3.5.11
PhotoScape
PROLiNK Wireless LAN Utility
PSE11 STI Installer
QuickBooks
QuickBooks Pro 2013
Readiris Pro 10
Samsung Kies
Samsung SCX-4300 Series
Samsung Story Album Viewer
Samsung Universal Scan Driver
SAMSUNG USB Driver for Mobile Phones
Skype Click to Call
Skype™ 6.11
SmarThru Office
StrongVPN Client
Todoist
Viber
Vuze
Windows Driver Package - Android-Sync.com (WinUSB) AndroidUsbDeviceClass  (05/01/2013 13.0.0501.00000)
Windows Driver Package - LG Electronics Inc (ANDModem) Modem  (11/30/2010 2.2.0.0)
Windows Driver Package - LG Electronics Inc Modem  (11/30/2010 2.2.0.0)
Windows Driver Package - LG Electronics Inc. (Andbus) USB  (11/30/2010 2.2.0.0)
Windows Driver Package - LG Electronics Inc. (AndDiag) Ports  (11/30/2010 2.2.0.0)
Windows Driver Package - LG Electronics Inc. (AndGps) Ports  (11/30/2010 2.2.0.0)
Windows Driver Package - LG Electronics Inc. Ports  (11/30/2010 2.2.0.0)
Windows Driver Package - LG Electronics Inc. USB  (11/30/2010 2.2.0.0)
Windows Driver Package - LG Electronics, Inc. (andnetndis) Net  (03/07/2012 3.7.0.0)
Windows Driver Package - LG Electronics, Inc. Net  (03/07/2012 3.7.0.0)
Windows Driver Package - LG Electronics, Inc. WPD  (03/07/2012 3.7.0.0)
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (dg_ssudbus) USB  (03/25/2013 2.9.508.0)
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssaebus) USB  (02/05/2010 5.14.0.0)
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssaemdm) Modem  (02/05/2010 5.14.0.0)
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssaend5) Net  (02/05/2010 5.14.0.0)
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssaeunic) USB  (02/05/2010 5.14.0.0)
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssuddmgr) Ports  (03/25/2013 2.9.508.0)
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssudmdm) Modem  (03/25/2013 2.9.508.0)
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssudobex) Ports  (03/25/2013 2.9.508.0)
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssudserd) Ports  (03/25/2013 2.9.508.0)
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  Net  (03/25/2013 2.9.508.0)
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  WPD  (03/25/2013 2.9.508.0)
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
3/6/2014 12:12:54 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {C2F03A33-21F5-47FA-B4BB-156362A2F239}  and APPID  {316CDED5-E4AE-4B15-9113-7055D84DCC97}  to the user EESDELLDESKTOP\User SID (S-1-5-21-1266843641-3415387651-3088813132-1001) from address LocalHost (Using LRPC) running in the application container 19120CensoredUser.HyperforYouTube_2.0.4.0_neutral__c0tqyanwsgfn6 SID (S-1-15-2-2607529283-3542206436-3725496098-4027219398-3911529083-850641354-1185868082). This security permission can be modified using the Component Services administrative tool.
3/5/2014 5:57:51 PM, Error: Service Control Manager [7000]  - The DgiVecp service failed to start due to the following error:  The system cannot find the file specified.
.
==== End Of File ===========================
 

 


Hello

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Run Malwarebytes, open > Settings tab > Scanner Settings > under action for PUP > select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log...

 

Next,

 

Please download RogueKiller from here:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

                                   

  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
     
     
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
     
     
  • When the scan completes select Report, copy and paste that to your reply.
     
     
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller


     
    Kevin..

Didn't even see that there was a log. Here it is.

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.06.03

Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16736
User :: EESDELLDESKTOP [administrator]

Protection: Enabled

3/6/2014 5:14:25 PM
mbam-log-2014-03-06 (17-14-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220393
Time elapsed: 9 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Done. I've not taken any action on the results, simply posted the log file here.

 

RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Scan -- Date : 03/07/2014 10:59:35
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : Viber ("C:\Users\User\AppData\Local\Viber\Viber.exe" StartMinimized [7][x]) -> FOUND
[RUN][sUSP PATH] HKCU\[...]\Run : SmileboxTray ("C:\Users\User\AppData\Roaming\Smilebox\SmileboxTray.exe" [x]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-1266843641-3415387651-3088813132-1001\[...]\Run : Viber ("C:\Users\User\AppData\Local\Viber\Viber.exe" StartMinimized [7][x]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-1266843641-3415387651-3088813132-1001\[...]\Run : SmileboxTray ("C:\Users\User\AppData\Roaming\Smilebox\SmileboxTray.exe" [x]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 1 ¤¤¤
[user][sUSP PATH] Logitech . Product Registration.lnk : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk @C:\PROGRA~1\COMMON~1\Logishrd\eReg\SetPoint\eReg.exe /remind /language=ENU /_WFM="." [-][7][-] -> FOUND

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IAT @explorer.exe (CoTaskMemFree) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\Windows\SYSTEM32\combase.dll @ 0x75703700)
[Address] IAT @explorer.exe (CoInitializeEx) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\Windows\SYSTEM32\combase.dll @ 0x75719DF5)
[Address] IAT @explorer.exe (CoUninitialize) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\Windows\SYSTEM32\combase.dll @ 0x7571963D)
[Address] IAT @explorer.exe (CreateStreamOnHGlobal) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\Windows\SYSTEM32\combase.dll @ 0x757497D7)
[Address] IAT @explorer.exe (CoGetApartmentType) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\Windows\SYSTEM32\combase.dll @ 0x7571A9CD)
[Address] IAT @explorer.exe (CoWaitForMultipleHandles) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\Windows\SYSTEM32\combase.dll @ 0x75748B73)
[Address] IAT @explorer.exe (CoFreeUnusedLibraries) : api-ms-win-core-com-l1-1-0.dll -> HOOKED (C:\Windows\SYSTEM32\combase.dll @ 0x75752329)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AAKX-75U6AA0 +++++
--- User ---
[MBR] 82c718dfa613542161fd7933a666b8b3
[bSP] f3909dd37322b74f22fa42635666f9d4 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 238069 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 488284160 | Size: 238519 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03072014_105935.txt >>



 


Run the following:

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 


Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Uncheck any elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review.
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted (if necessary):
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin


OK. Pretty bummed out. Seems not to have worked. Logs posted below. Attached screenshots of various apps including a shot of this, all in Firefox. Wait... just checked some of these sites in Chrome and they display just fine. So, it's something to do with FF and it hasn't been gotten rid of yet.

 

Farbar Recovery Scan Tool did not run. For both 32 and 64 bit versions, my system warned me asking permission. I said go for it and that was the end. Nothing else happened. I've searched my computer for an FRXT.txt file, but it does not exist.

 

I had run AdwareCleaner when I first started working to solve this problem. Have copied in that and today's logs.

 

# AdwCleaner v3.020 - Report created 04/03/2014 at 18:36:38
# Updated 27/02/2014 by Xplode
# Operating System : Windows 8 Pro  (32 bits)
# Username : User - EESDELLDESKTOP
# Running from : C:\Users\User\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Deleted : C:\Program Files\myfree codec
Folder Deleted : C:\Program Files\Vuze
Folder Deleted : C:\Users\User\AppData\Local\Temp\boost_interprocess
File Deleted : C:\END
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vj87iu34.default\invalidprefs.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\Popajar
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec

***** [ Browsers ] *****
# AdwCleaner v3.020 - Report created 07/03/2014 at 16:39:54
# Updated 27/02/2014 by Xplode
# Operating System : Windows 8 Pro  (32 bits)
# Username : User - EESDELLDESKTOP
# Running from : C:\Users\User\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vj87iu34.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3132 octets] - [04/03/2014 18:27:09]
AdwCleaner[R1].txt - [1042 octets] - [07/03/2014 16:33:31]
AdwCleaner[s0].txt - [3269 octets] - [04/03/2014 18:36:38]
AdwCleaner[s1].txt - [969 octets] - [07/03/2014 16:39:54]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1028 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 Pro x86
Ran by User on Fri 03/07/2014 at 16:48:24.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASAPI32
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskhost_RASMANCS



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\vj87iu34.default\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/07/2014 at 16:50:01.00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

 

 

post-157893-0-81402800-1394192464_thumb.

post-157893-0-69899800-1394192465_thumb.

post-157893-0-29706200-1394192467_thumb.

post-157893-0-31775200-1394192468_thumb.

post-157893-0-45993500-1394192470_thumb.

post-157893-0-49035000-1394192471_thumb.

Link to post
Share on other sites

Sorry about that, some of the instruction headers are chopped off. Not sure why that happened. Zoek is not a virus or malware of any sort... I'll give the instructions again...

Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop. Make sure to select directly on the word “Zip”.

Double click the zip file and extract to your Desktop:

[Image: Zoekd.jpg]

You will now have 3 versions of the tool on the Desktop:

[Image: http://i121.photobucket.com/albums/o239/kevinf80/Zoek%20Scanner/Zoeke.jpg]

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Double click on each in turn until one version of Zoek will run (accept UAC). The following window will open:

[Image: Zoekb.jpg]

Copy the following script from the code box and paste it into the field.

standardsearch;autoruns;autoclean;emptyclsid;emptyalltemp;installedprogs;

Select the "Run Script" tab. The following window will open:

[Image: Zoekc.jpg]

Please be patient and do not use the PC when the scan is in progress.

When complete you may be asked to reboot your PC; if so, please do.

[Image: Zoekf.jpg]

Post the produced log in your next reply…

Kevin


Here is the first part of the Zoek results. The full text is too long to fit in one post. I hope this tells you something!

 

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by User on Sun 03/09/2014 at 10:19:44.53.
Microsoft Windows 8 Pro 6.2.9200  x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Desktop\zoek.scr [scan all users] [script inserted]

==== System Restore Info ======================

3/9/2014 10:21:18 AM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1266843641-3415387651-3088813132-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF059E31-CC5A-4E2E-BF3B-96E929D65503} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1266843641-3415387651-3088813132-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

==== File Information Results ======================


==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\dashost.exe
C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\PROLiNK\PROLiNK WN2001\RtlService.exe
C:\Program Files\StrongVPN\StrongService.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\PROLiNK\PROLiNK WN2001\RtWlan.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\SmarThru Office\BackUpSvr.exe
C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k swprv

==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vj87iu34.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_20140309_1025_.backup

==== Deleting Files \ Folders ======================

C:\Users\User\.android deleted
C:\AUTORUN.INF deleted
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vj87iu34.default\jetpack deleted

==== Registry Search Results for "standardsearch" ======================

No instances of string "standardsearch" found.

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3497 MB
CPU Info: Intel® Core i5-3470 CPU @ 3.20GHz
CPU Speed: 3246.2 MHz
Sound Card: Speakers (High Definition Audio |
Display Adapters: Intel® HD Graphics | Intel® HD Graphics
Monitors: 1x; Dell 2407WFP (Digital) |
Screen Resolution: 1920 X 1200 - 32 bit
Network: Network Present
Network Adapters: StrongVPN Adapter | Microsoft Hosted Network Virtual Adapter | 802.11n/b/g 2cm Wireless LAN USB2.0 Adapter | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (E: | ) E: PLDS    DVD+-RW DH-16ACS
Ports: COM1 LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  232.5GB | D:  232.9GB
Hard Disks - Free: C:  52.5GB | D:  205.6GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | 01/31/13 | DELL   - 1072009
Time Zone: Nepal Standard Time
Motherboard *: Dell Inc. 042P49
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Firefox    27.0.1
Internet Explorer Version: 10.0.9200.16736
Mozilla Firefox version: 27.0.1 (x86 en-US)
Google Chrome version: 33.0.1750.146
Adobe Reader version: 11.0.03.37
Flash Player version: 12.0.0.44

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-02-25 06:28:28    69CE18D14A00174B14FF700EE65544F5    159509    ----a-w-    C:\Windows\01 Transaction Pro Importer 5.0 Uninstaller.exe
====== C:\Users\User\AppData\Local\Temp ====
2014-03-08 12:41:49    C7977FE6BFDBDB3CA94762CB1411AEE9    19643576    ----a-w-    C:\Users\User\AppData\Local\Temp\OutlookTodoist.Adx130387561095089259.exe
2014-03-07 11:46:43    C7977FE6BFDBDB3CA94762CB1411AEE9    19643576    ----a-w-    C:\Users\User\AppData\Local\Temp\OutlookTodoist.Adx.exe
2014-03-07 11:02:44    2E0323A94915FAAB10A25F3BABF82584    157696    ----a-w-    C:\Users\User\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-03-07 05:13:44    6F0D063678B5DF7B9D0A9656571C4BA3    1476024    ----a-w-    C:\Users\User\AppData\Local\Temp\ntdll_dump.dll
2014-03-02 11:47:23    9550166A2A7AC38DE3FBDF654B8CB924    17858952    ----a-w-    C:\Users\User\AppData\Local\Temp\{E732DE10-73FE-4233-82BF-3AF07CE21F80}\InstallFlashPlayer.exe
2014-02-27 11:04:58    125A63FE7EBF819DDB3BBC735F506EA3    90975    ----a-w-    C:\Users\User\AppData\Local\Temp\webxvid-setup-bi ).exe
2014-02-27 11:04:44    8980AE2A548CEC5764CE27CDA2AF67B6    7963990    ----a-w-    C:\Users\User\AppData\Local\Temp\TSStub_SM.exe
2014-02-25 22:36:00    66B670AD7D93DFC4055B6061FF32F9C1    786944    ----a-w-    C:\Users\User\AppData\Local\Temp\twsfiles\x86\SQLite.Interop.dll
====== Java Cache =====
====== C:\Windows\system32 =====
2014-03-07 05:12:02    91B6DFBA0FD7D0F4836FB711D1B5D81C    26624    ----a-w-    C:\Windows\System32\TrueSight.sys
====== C:\Windows\system32\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-03-09 03:30:14    --------    d-----w-    C:\Program Files\Common Files\Skype
2014-02-27 05:54:11    --------    d-----w-    C:\Program Files\OutlookTodoistADX
2014-02-26 10:46:41    --------    d-----w-    C:\Program Files\MSECache
2014-02-25 06:28:25    --------    d-----w-    C:\Program Files\01 Transaction Pro Importer 5.0
2014-02-20 01:13:57    --------    d-----w-    C:\Program Files\Common Files\DESIGNER
======= C: =====
====== C:\Users\User\AppData\Roaming ======
2014-03-09 03:30:45    --------    d-----w-    C:\Users\User\AppData\Local\Skype
2014-02-27 11:06:50    --------    d-----w-    C:\Users\User\AppData\Roaming\trustedshopper
2014-02-27 11:06:50    --------    d-----w-    C:\Users\User\AppData\Locallow\trustedshopper
2014-02-27 11:06:50    --------    d-----w-    C:\Users\User\AppData\Local\UpdateChecker
2014-02-27 11:06:39    --------    d-----w-    C:\Users\User\AppData\Roaming\Apple Computer
2014-02-27 05:58:22    --------    d-----w-    C:\Users\User\AppData\Local\Microsoft_Corporation
2014-02-25 06:29:27    --------    d-----w-    C:\Users\User\AppData\Roaming\01 Transaction Pro Importer 5.0
2014-02-25 06:28:28    --------    d-----w-    C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\01 Transaction Pro Importer 5.0
====== C:\Users\User ======
2014-03-09 03:30:15    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-03-07 11:11:00    E3CA7ED2AC9DB7262E531C25BA7188F5    1145344    ----a-w-    C:\Users\User\Downloads\FRST.exe
2014-03-07 11:10:47    A8E0564E9E2DF9E38520170108A97342    2156544    ----a-w-    C:\Users\User\Downloads\FRST64.exe
2014-03-07 11:02:16    2075EBB7954277A05193412881EC8FDE    1037734    ----a-w-    C:\Users\User\Downloads\JRT.exe
2014-03-07 10:46:35    A845789676F7D2A542E708EB5CAC12C9    1244192    ----a-w-    C:\Users\User\Downloads\AdwCleaner.exe
2014-03-06 11:30:34    39B81D173E803767179E3673C8B426F6    3819008    ----a-w-    C:\Users\User\Downloads\RogueKiller.exe
2014-03-06 08:58:56    8B968045D75783A09592C3105F2865DA    688992    ------r-    C:\Users\User\Downloads\dds.com
2014-03-05 08:19:56    9953EA198585664D688B3333EC97F340    2785516    ----a-w-    C:\Users\User\Downloads\RevoUninstallerPortable_1.95.paf.exe
2014-03-04 13:34:54    6D43AA185492628807399A8906D8CD91    72008    ----a-w-    C:\Users\User\Downloads\VuzeBittorrentClientInstaller.exe
2014-03-04 02:01:55    683FDD3D773C58B262DC07CD0C6CE938    10285040    ----a-w-    C:\Users\User\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-25 06:29:27    --------    d-----w-    C:\ProgramData\Synergration
2014-02-25 06:29:27    --------    d-----w-    C:\ProgramData\01 Transaction Pro Importer 5.0
2014-02-20 06:08:39    --------    d-----w-    C:\ProgramData\Microsoft OneDrive
2014-02-20 01:13:01    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

====== C: exe-files ==
2014-03-09 03:22:02    DB198F306A8A952EFBC5D5D25981570E    1196432    ----a-w-    C:\Program Files\OutlookTodoistADX\unins000.exe
2014-03-08 12:41:49    C7977FE6BFDBDB3CA94762CB1411AEE9    19643576    ----a-w-    C:\Users\User\AppData\Local\Temp\OutlookTodoist.Adx130387561095089259.exe
2014-03-07 11:46:43    C7977FE6BFDBDB3CA94762CB1411AEE9    19643576    ----a-w-    C:\Users\User\AppData\Local\Temp\OutlookTodoist.Adx.exe
2014-03-07 11:11:19    426CF97E78C114BB260E2CEE46709E64    544    ----a-w-    C:\$Recycle.Bin\S-1-5-21-1266843641-3415387651-3088813132-1001\$ITI1R7D.exe
2014-03-07 11:11:00    E3CA7ED2AC9DB7262E531C25BA7188F5    1145344    ----a-w-    C:\Users\User\Downloads\FRST.exe
2014-03-07 11:10:47    A8E0564E9E2DF9E38520170108A97342    2156544    ----a-w-    C:\Users\User\Downloads\FRST64.exe
2014-03-07 11:07:31    E3CA7ED2AC9DB7262E531C25BA7188F5    1145344    ----a-w-    C:\$Recycle.Bin\S-1-5-21-1266843641-3415387651-3088813132-1001\$RTI1R7D.exe
2014-03-07 11:02:44    2E0323A94915FAAB10A25F3BABF82584    157696    ----a-w-    C:\Users\User\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-03-07 11:02:16    2075EBB7954277A05193412881EC8FDE    1037734    ----a-w-    C:\Users\User\Downloads\JRT.exe
2014-03-07 10:46:35    A845789676F7D2A542E708EB5CAC12C9    1244192    ----a-w-    C:\Users\User\Downloads\AdwCleaner.exe
2014-03-06 11:30:34    39B81D173E803767179E3673C8B426F6    3819008    ----a-w-    C:\Users\User\Downloads\RogueKiller.exe
2014-03-05 08:19:56    9953EA198585664D688B3333EC97F340    2785516    ----a-w-    C:\Users\User\Downloads\RevoUninstallerPortable_1.95.paf.exe
2014-03-04 13:51:08    0D429B6C54941F22FC36E45124802580    111824    ----a-w-    C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8MN3TXZ\ism[1].exe
2014-03-04 13:43:21    824C8B34E89F6829855B543586E7EF13    10073120    ----a-w-    C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FSPDBE1X\Vuze_Installer32[1].exe
2014-03-04 13:34:54    6D43AA185492628807399A8906D8CD91    72008    ----a-w-    C:\Users\User\Downloads\VuzeBittorrentClientInstaller.exe
2014-03-04 12:55:26    9AA977306C59CAED49D8D91E4112DA04    544    ----a-w-    C:\$Recycle.Bin\S-1-5-21-1266843641-3415387651-3088813132-1001\$I07VJH1.exe
2014-03-04 12:55:26    965C4F5194BA652402E084230B78E691    544    ----a-w-    C:\$Recycle.Bin\S-1-5-21-1266843641-3415387651-3088813132-1001\$INR6G0L.exe
2014-03-04 12:55:26    8F6F86902B06D97D15B0D82D29BDEBAE    544    ----a-w-    C:\$Recycle.Bin\S-1-5-21-1266843641-3415387651-3088813132-1001\$II9J04O.exe
2014-03-04 12:55:26    729559CA71D284F1925BAB16E5D1F507    544    ----a-w-    C:\$Recycle.Bin\S-1-5-21-1266843641-3415387651-3088813132-1001\$IF7IAI2.exe
2014-03-04 12:55:26    2568C9E6A24B9EF2C6F19394E671AF3C    544    ----a-w-    C:\$Recycle.Bin\S-1-5-21-1266843641-3415387651-3088813132-1001\$IXLSKD5.exe
2014-03-04 12:55:26    0583C2AF0C4210CA28C6916B1231D5D9    544    ----a-w-    C:\$Recycle.Bin\S-1-5-21-1266843641-3415387651-3088813132-1001\$II9FAGC.exe
2014-03-04 12:55:06    D7B24DFDF86ABE3926FCF5D084EFB3C6    544    ----a-w-    C:\$Recycle.Bin\S-1-5-21-1266843641-3415387651-3088813132-1001\$I706UWW.exe
2014-03-04 12:55:06    89BEF9938BD25838CA3D343CAF2062EB    544    ----a-w-    C:\$Recycle.Bin\S-1-5-21-1266843641-3415387651-3088813132-1001\$INIS3I0.exe
2014-03-04 12:54:58    7042174522301D964FFFA849AA6230E2    544    ----a-w-    C:\$Recycle.Bin\S-1-5-21-1266843641-3415387651-3088813132-1001\$IAPFW5D.exe
2014-03-04 12:40:14    A845789676F7D2A542E708EB5CAC12C9    1244192    ----a-w-    C:\$Recycle.Bin\S-1-5-21-1266843641-3415387651-3088813132-1001\$RAPFW5D.exe
2014-03-04 06:26:52    99EDAB82414D23D14947415E5C502FE1    786136    ----a-w-    C:\Users\User\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\33.0.1750.146\33.0.1750.146_33.0.1750.117_chrome_updater.exe
2014-03-04 02:01:55    683FDD3D773C58B262DC07CD0C6CE938    10285040    ----a-w-    C:\Users\User\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-02 11:47:23    9550166A2A7AC38DE3FBDF654B8CB924    17858952    ----a-w-    C:\Users\User\AppData\Local\Temp\{E732DE10-73FE-4233-82BF-3AF07CE21F80}\InstallFlashPlayer.exe
=== C: other files ==
2014-03-07 11:02:44    F7A2BEBE778DC26187C675948B2CEBAB    16063    ----a-w-    C:\Users\User\AppData\Local\Temp\jrt\get.bat
2014-03-07 11:02:44    CC6C23C02BE66014AD87F2678BBB3A1D    8117    ----a-w-    C:\Users\User\AppData\Local\Temp\jrt\modules.bat
2014-03-07 11:02:44    C9494C05F5248940AEE0D0A8C4EA89D9    152746    ----a-w-    C:\Users\User\AppData\Local\Temp\jrt\firefox.bat
2014-03-07 11:02:44    C4A5476A9D54B400F1623A2EE7DDA5C5    13955    ----a-w-    C:\Users\User\AppData\Local\Temp\jrt\chrome.bat
2014-03-07 11:02:44    B964B792D3692699CD7D4FDB63EE470E    1239    ----a-w-    C:\Users\User\AppData\Local\Temp\jrt\FWPolicy.bat
2014-03-07 11:02:44    B45931E5313CB14CAA0F2BC3DA30E6FC    29648    ----a-w-    C:\Users\User\AppData\Local\Temp\jrt\ask.bat
2014-03-07 11:02:44    B13567DECD03F424239DE6D1ED408C08    10261    ----a-w-    C:\Users\User\AppData\Local\Temp\jrt\JRT.bat
2014-03-07 11:02:44    80D02380F1AC33E459324B088392A1EC    732    ----a-w-    C:\Users\User\AppData\Local\Temp\jrt\ev_clear.bat
2014-03-07 11:02:44    75C9C20DD9839BF287B43B0E179822DC    31414    ----a-w-    C:\Users\User\AppData\Local\Temp\jrt\iexplore.bat
2014-03-07 11:02:44    7178963AEE641F3E47E1CE22416F8A3A    9295    ----a-w-    C:\Users\User\AppData\Local\Temp\jrt\runvalues.bat
2014-03-07 11:02:44    654E9FE74B930A454EE5BDE165794B65    85    ----a-w-    C:\Users\User\AppData\Local\Temp\jrt\delorphans.bat
2014-03-07 11:02:44    58605DA3492FB918D3D40B1FB88046AE    39471    ----a-w-    C:\Users\User\AppData\Local\Temp\jrt\prelim.bat
2014-03-07 11:02:44    3ECC13A08D5F7771A8C8ED15C2B2B6D5    154576    ----a-w-    C:\Users\User\AppData\Local\Temp\jrt\misc.bat
2014-03-07 11:02:44    372EA6F783198102CF5779072EE78C79    24751    ----a-w-    C:\Users\User\AppData\Local\Temp\jrt\searchlnk.bat
2014-03-07 11:02:44    1FBF882AA934A741530741FC134872A3    1243    ----a-w-    C:\Users\User\AppData\Local\Temp\jrt\TDL4.bat
2014-03-07 11:02:44    14D6EE8B672684E2232FB430D8C4A928    18668    ----a-w-    C:\Users\User\AppData\Local\Temp\jrt\medfos.bat
2014-03-07 11:02:44    0768E560CCD86C18F35FAD29DCEA7B80    1820    ----a-w-    C:\Users\User\AppData\Local\Temp\jrt\delfolders.bat
2014-03-07 05:12:02    91B6DFBA0FD7D0F4836FB711D1B5D81C    26624    ----a-w-    C:\Windows\System32\TrueSight.sys
2014-03-06 08:58:56    8B968045D75783A09592C3105F2865DA    688992    ------r-    C:\Users\User\Downloads\dds.com
2014-03-04 04:54:20    E52F13FAAFAC9A4EDEEF4CC9861D2D9D    185781    ----a-w-    C:\Users\User\AppData\Roaming\Azureus\plugins\azutp\azutp_0.5.3.zip
2014-03-04 04:54:11    E52F13FAAFAC9A4EDEEF4CC9861D2D9D    185781    ----a-w-    C:\Users\User\AppData\Local\Temp\azutp_0.5.3.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1266843641-3415387651-3088813132-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"SkyDrive"="C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"
"Akamai NetSession Interface"="C:\Users\User\AppData\Local\Akamai\netsession_win.exe"
"Viber"="C:\Users\User\AppData\Local\Viber\Viber.exe StartMinimized"
"KiesPreload"="C:\Program Files\Samsung\Kies\Kies.exe /preload"
"KiesAirMessage"="C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup"
@="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"StrongVPN Client"="C:\Program Files\StrongVPN\StrongDial.exe --silent"
"Wunderlist"="C:\Program Files\Wunderlist2\Wunderlist.exe /silent"
"GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE"="C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window"
"SmileboxTray"="C:\Users\User\AppData\Roaming\Smilebox\SmileboxTray.exe"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"Intuit SyncManager"="C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup"
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"
"Samsung PanelMgr"="C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun"
"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"STO Backup Service"="C:\Program Files\SmarThru Office\BackUpSvr.exe"
"STO Launcher Service"="C:\Program Files\SmarThru Office\LegacyLauncher.exe /autorun"
"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe"
"AndroidSync"="C:\Program Files\Android-Sync\AndroidSync.exe -m"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"SkyDrive"="C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"
"Akamai NetSession Interface"="C:\Users\User\AppData\Local\Akamai\netsession_win.exe"
"Viber"="C:\Users\User\AppData\Local\Viber\Viber.exe StartMinimized"
"KiesPreload"="C:\Program Files\Samsung\Kies\Kies.exe /preload"
"KiesAirMessage"="C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup"
@="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"StrongVPN Client"="C:\Program Files\StrongVPN\StrongDial.exe --silent"
"Wunderlist"="C:\Program Files\Wunderlist2\Wunderlist.exe /silent"
"GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE"="C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window"
"SmileboxTray"="C:\Users\User\AppData\Roaming\Smilebox\SmileboxTray.exe"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Folders ======================

2013-08-04 04:14:33    1054    ----a-w-    C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2013-09-03 10:24:20    1101    ----a-w-    C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
2013-08-03 13:00:48    1328    ----a-w-    C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
2013-08-02 20:29:37    2255    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
2013-08-03 10:24:44    2191    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
2013-08-03 10:24:44    2392    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
2013-08-03 10:24:44    2000    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1266843641-3415387651-3088813132-1001Core.job --a-------- C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [08/03/2013 01:35 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\AdobeAAMUpdater-1.0-EESDELLDESKTOP-User" [C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1266843641-3415387651-3088813132-1001Core" [C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1266843641-3415387651-3088813132-1001UA" [C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\{6255DA71-7C98-48E9-8FEA-427B61E2A3B2}" [C:\Program Files\Skype\\Phone\Skype.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{F003DA68-8256-4b37-A6C4-350FA04494DF}"="C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt" [08/03/2013 06:45 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vj87iu34.default
- Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
- Youtube MP3 Podcaster - %ProfilePath%\extensions\youtubemp3podcaster@jeremy.d.gregorio.com
- Evernote Web Clipper - %ProfilePath%\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
- Copy Urls Expert - %ProfilePath%\extensions\copy-urls-expert@kashiif-gmail.com.xpi
- Easy Screen Shot - %ProfilePath%\extensions\easyscreenshot@mozillaonline.com.xpi
- Android Desktop Notifications - %ProfilePath%\extensions\jid0-105eGBfutA8RahNXKJRXP7CPNs0@jetpack.xpi
- Awesome screenshot: Capture and Annotate - %ProfilePath%\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
- Clearly - %ProfilePath%\extensions\readable@evernote.com.xpi
- Todoist - %ProfilePath%\extensions\support@todoist.com.xpi
- Tree Style Tab - %ProfilePath%\extensions\treestyletab@piro.sakura.ne.jp.xpi
- Easy YouTube Video Downloader - %ProfilePath%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vj87iu34.default
A9C86900D2A61728C8326FE7147617C5    - C:\Users\User\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll -    Google Update
FD6ACD9D85177259D442A0C4AC15F7B8    - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll -    Shockwave Flash
18CF51689186AEB9D1D149AEB0E92D03    - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL -    Microsoft Office 2013
3A523765D795DB006C010B915C3A840A    - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll -    Adobe Acrobat
42A9B216A7A288512CE2F9A6BCCE96BC    - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll -    Adobe Acrobat
8BA469072B5A692B659F856C7E97A230    - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll -    NPCIG.dll


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
edaibbiobngpbmeonadpbfafbkimjbdd - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx[02/21/2013 07:44 AM]
fdjkhamgopgokjmllcmpkiijndjeidcl - C:\Users\User\AppData\Local\Temp\twsfiles\trustedshopper.crx[02/25/2014 11:37 AM]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01/03/2014 01:32 AM]

Awesome Screenshot: Capture Annotate - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce
Sidewise Tree Style Tabs - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\biiammgklaefagjclmnlialkmaemifgo
Facebook - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm
OneTab - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall
Tab Manager - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coonecdghnepgiblpccbbihiahajndda
Logitech SetPoint - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd
Tabs Outliner - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl
Gmail Offline - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk
Google Calendar - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn
AdBlock - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Theme - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\imoaoigekmpoalkbfohhjgkcocjdapne
Password must be between 6 and 64 characters long. - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj
Todoist To-Do list and Task Manager - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh
Evernote Web - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol
Lightshot screenshot tool - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp
Veritabs - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehjgjnfanppoiaikadimdkobpdahnmg
TabsPlus - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikomkkhhpfoeamojhhgpfkpkdlfhfii
Google Wallet - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
TabCloud - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof
Evernote Web Clipper - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== HijackThis Entries ======================

O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKLM\..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sTO Backup Service] C:\Program Files\SmarThru Office\BackUpSvr.exe
O4 - HKLM\..\Run: [sTO Launcher Service] C:\Program Files\SmarThru Office\LegacyLauncher.exe /autorun
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [AndroidSync] C:\Program Files\Android-Sync\AndroidSync.exe -m
O4 - HKCU\..\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [skyDrive] "C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\User\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Viber] "C:\Users\User\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [strongVPN Client] "C:\Program Files\StrongVPN\StrongDial.exe" --silent
O4 - HKCU\..\Run: [Wunderlist] "C:\Program Files\Wunderlist2\Wunderlist.exe" /silent
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] "C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [smileboxTray] "C:\Users\User\AppData\Roaming\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Dropbox.lnk = User\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE


O8 - Extra context menu item: Clip Image - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0



O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: intu-help-qb6 - {6898B29B-BF49-43CB-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
O23 - Service: Realtek11nSU - Realtek - C:\Program Files\PROLiNK\PROLiNK WN2001\RtlService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: StrongVPN Service - Black Oak Computers, Inc. - C:\Program Files\StrongVPN\StrongService.exe

==== Sysinternals Autoruns Log ======================

HKLM\System\CurrentControlSet\Services
   AdobeActiveFileMonitor11.0
     C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
     Tracks files that are managed by Elements Organizer
     Adobe Systems Incorporated
     11.0.0.0
     c:\program files\adobe\elements 11 organizer\photoshopelementsfileagent.exe
     9/23/2012 9:31 AM
   AdobeARMservice
     "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe"
     Adobe Acrobat Updater keeps your Adobe software up to date.
     Adobe Systems Incorporated
     1.7.4.0
     c:\program files\common files\adobe\arm\1.0\armsvc.exe
     4/5/2013 2:50 AM
   cphs
     %SystemRoot%\system32\IntelCpHeciSvc.exe
     Intel® Content Protection HECI Service - enables communication with the Content Protection FW
     Intel Corporation
     1.0.1.14
     c:\windows\system32\intelcphecisvc.exe
     12/22/2011 12:30 PM
   FLEXnet Licensing Service
     "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
     This service performs licensing functions on behalf of FLEXnet enabled products.
     Macrovision Europe Ltd.
     11.5.0.0
     c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
     11/28/2007 1:15 AM
   LBTServ
     C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
     Logitech Bluetooth Service
     Logitech, Inc.
     5.52.29.0
     c:\program files\common files\logishrd\bluetooth\lbtserv.exe
     2/9/2013 12:09 AM
   MozillaMaintenance
     "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe"
     The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled.
     Mozilla Foundation
     27.0.1.5156
     c:\program files\mozilla maintenance service\maintenanceservice.exe
     2/13/2014 4:08 AM
   QBCFMonitorService
     "C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe"
     QuickBooks Company File Monitoring Service
     Intuit
     4.0.5129.16650
     c:\program files\common files\intuit\quickbooks\qbcfmonitorservice.exe
     1/16/2014 11:00 PM
   QBFCService
     "C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe"
     QuickBooks FCS module
     Intuit Inc.
     1.3.0.0
     c:\program files\common files\intuit\quickbooks\fcs\intuit.quickbooks.fcs.exe
     7/24/2009 9:55 AM
   QBVSS
     "C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe"
     Enables standard users to access Intuit Data Protect service.
     Intuit Inc.
     1.26.21.4000
     c:\program files\common files\intuit\dataprotect\qbidpservice.exe
     4/25/2013 4:16 AM
   Realtek11nSU
     C:\Program Files\PROLiNK\PROLiNK WN2001\RtlService.exe
     RtlService MFC Application
     Realtek
     700.1006.416.2010
     c:\program files\prolink\prolink wn2001\rtlservice.exe
     4/16/2010 1:55 PM
   SkypeUpdate
     "C:\Program Files\Skype\Updater\Updater.exe"
     Enables the detection, download and installation of updates for Skype.
     Skype Technologies
     6.8.1.61523
     c:\program files\skype\updater\updater.exe
     10/23/2013 1:57 PM
   StrongVPN Service
     "C:\Program Files\StrongVPN\StrongService.exe"
     Provides auxillary functions for your installed StrongVPN Client. For support, visit reliablehosting.com or call 1-415-255-5711 for assistance.
     Black Oak Computers, Inc.
     1.3.5.3
     c:\program files\strongvpn\strongservice.exe
     12/9/2013 2:50 AM

HKLM\System\CurrentControlSet\Services
   3ware
     System32\drivers\3ware.sys
     LSI 3ware SCSI Storport Driver
     LSI
     5.1.0.47
     c:\windows\system32\drivers\3ware.sys
     3/9/2012 2:17 AM
   adp94xx
     System32\drivers\adp94xx.sys
     Adaptec Windows SAS/SATA Storport Driver
     Adaptec, Inc.
     1.6.6.4
     c:\windows\system32\drivers\adp94xx.sys
     12/6/2008 5:44 AM
   adpahci
     System32\drivers\adpahci.sys
     Adaptec Windows SATA Storport Driver
     Adaptec, Inc.
     1.6.6.1
     c:\windows\system32\drivers\adpahci.sys
     5/1/2007 11:14 PM
   adpu320
     System32\drivers\adpu320.sys
     Adaptec StorPort Ultra320 SCSI Driver
     Adaptec, Inc.
     7.2.0.0
     c:\windows\system32\drivers\adpu320.sys
     2/28/2007 5:48 AM
   amdsata
     System32\drivers\amdsata.sys
     AHCI 1.2 Device Driver
     Advanced Micro Devices
     1.1.4.6
     c:\windows\system32\drivers\amdsata.sys
     6/12/2012 4:05 AM
   amdsbs
     System32\drivers\amdsbs.sys
     AMD Technology AHCI Compatible Controller Driver for Windows family
     AMD Technologies Inc.
     3.7.1540.30
     c:\windows\system32\drivers\amdsbs.sys
     2/22/2012 12:24 AM
   amdxata
     System32\drivers\amdxata.sys
     Storage Filter Driver
     Advanced Micro Devices
     1.1.4.6
     c:\windows\system32\drivers\amdxata.sys
     6/12/2012 4:22 AM
   androidusb
     \SystemRoot\System32\Drivers\ssadadb.sys
     ADB Interface
     Google Inc
     1.0.1.1
     c:\windows\system32\drivers\ssadadb.sys
     1/15/2009 3:12 AM
   arc
     System32\drivers\arc.sys
     Adaptec RAID Storport Driver
     PMC-Sierra, Inc.
     5.2.0.18702
     c:\windows\system32\drivers\arc.sys
     3/19/2012 11:34 PM
   arcsas
     System32\drivers\arcsas.sys
     Adaptec SAS RAID WS03 Driver
     PMC-Sierra, Inc.
     5.2.0.18702
     c:\windows\system32\drivers\arcsas.sys
     3/19/2012 11:35 PM
   DgiVecp
     \??\C:\Windows\system32\Drivers\DgiVecp.sys
     File not found: C:\Windows\system32\Drivers\DgiVecp.sys
     
   HpSAMD
     System32\drivers\HpSAMD.sys
     Smart Array SAS/SATA Controller Media Driver
     Hewlett-Packard Company
     7.0.12.0
     c:\windows\system32\drivers\hpsamd.sys
     5/31/2012 4:08 AM
   iaStorV
     System32\drivers\iaStorV.sys
     Intel Matrix Storage Manager driver - ia32
     Intel Corporation
     8.6.2.1019
     c:\windows\system32\drivers\iastorv.sys
     4/12/2011 12:31 AM
   igfx
     \SystemRoot\system32\DRIVERS\igdkmd32.sys
     Intel Graphics Kernel Mode Driver
     Intel Corporation
     9.17.10.2932
     c:\windows\system32\drivers\igdkmd32.sys
     12/13/2012 6:26 AM
   iirsp
     System32\drivers\iirsp.sys
     Intel/ICP Raid Storport Driver
     Intel Corp./ICP vortex GmbH
     5.4.22.0
     c:\windows\system32\drivers\iirsp.sys
     12/14/2005 3:33 AM
   LEqdUsb
     \SystemRoot\System32\Drivers\LEqdUsb.Sys
     Logitech Equad USB Driver.
     Logitech, Inc.
     5.52.22.0
     c:\windows\system32\drivers\leqdusb.sys
     1/3/2013 1:57 PM
   LHidEqd
     \SystemRoot\System32\Drivers\LHidEqd.Sys
     Logitech HID Filter Driver.
     Logitech, Inc.
     5.52.22.0
     c:\windows\system32\drivers\lhideqd.sys
     1/3/2013 1:57 PM
   LHidFilt
     \SystemRoot\system32\DRIVERS\LHidFilt.Sys
     Logitech HID Filter Driver.
     Logitech, Inc.
     5.52.22.0
     c:\windows\system32\drivers\lhidfilt.sys
     1/3/2013 1:57 PM
   LMouFilt
     \SystemRoot\system32\DRIVERS\LMouFilt.Sys
     Logitech Mouse Filter Driver.
     Logitech, Inc.
     5.52.22.0
     c:\windows\system32\drivers\lmoufilt.sys
     1/3/2013 1:57 PM
   LSI_SAS
     System32\drivers\lsi_sas.sys
     LSI Fusion-MPT SAS Driver (StorPort)
     LSI Corporation
     1.34.2.6
     c:\windows\system32\drivers\lsi_sas.sys
     5/12/2012 1:03 AM
   LSI_SAS2
     System32\drivers\lsi_sas2.sys
     LSI SAS Gen2 Driver (StorPort)
     LSI Corporation
     2.0.55.84
     c:\windows\system32\drivers\lsi_sas2.sys
     3/13/2012 2:01 AM
   LSI_SCSI
     System32\drivers\lsi_scsi.sys
     LSI Fusion-MPT SCSI Driver (StorPort)
     LSI Corporation
     1.34.2.5
     c:\windows\system32\drivers\lsi_scsi.sys
     2/22/2012 5:44 AM
   LSI_SSS
     System32\drivers\lsi_sss.sys
     LSI SSS PCIe/Flash Driver (StorPort)
     LSI Corporation
     2.10.55.81
     c:\windows\system32\drivers\lsi_sss.sys
     2/22/2012 5:44 AM
   megasas
     System32\drivers\megasas.sys
     MEGASAS RAID Controller Driver for Windows
     LSI Corporation
     6.2.8313.0
     c:\windows\system32\drivers\megasas.sys
     4/4/2012 1:29 AM
   MegaSR
     System32\drivers\MegaSR.sys
     LSI MegaRAID Software RAID Driver
     LSI Corporation, Inc.
     14.6.1007.2012
     c:\windows\system32\drivers\megasr.sys
     2/25/2012 12:07 AM
   MEI
     \SystemRoot\System32\drivers\HECI.sys
     Intel® Management Engine Interface
     Intel Corporation
     7.0.0.1144
     c:\windows\system32\drivers\heci.sys
     10/20/2010 5:18 AM
   mvumis
     System32\drivers\mvumis.sys
     Marvell Flash Controller Driver
     Marvell Semiconductor, Inc.
     1.0.5.7
     c:\windows\system32\drivers\mvumis.sys
     3/20/2012 1:31 PM
   nfrd960
     System32\drivers\nfrd960.sys
     IBM ServeRAID Controller Driver
     IBM Corporation
     7.10.0.0
     c:\windows\system32\drivers\nfrd960.sys
     6/7/2006 2:57 AM
   nvraid
     System32\drivers\nvraid.sys
     NVIDIAr nForce RAID Driver
     NVIDIA Corporation
     10.6.0.22
     c:\windows\system32\drivers\nvraid.sys
     9/13/2011 5:47 AM
   nvstor
     System32\drivers\nvstor.sys
     NVIDIAr nForce Sata Performance Driver
     NVIDIA Corporation
     10.6.0.22
     c:\windows\system32\drivers\nvstor.sys
     9/13/2011 5:07 AM
   PxHelp20
     System32\Drivers\PxHelp20.sys
     Px Engine Device Driver for 32-bit Windows
     Corel Corporation
     3.1.1.0
     c:\windows\system32\drivers\pxhelp20.sys
     4/24/2012 11:11 PM
   RTL8168
     \SystemRoot\system32\DRIVERS\Rt630x86.sys
     Realtek 8101E/8168/8169 NDIS 6.30 32-bit Driver                
     Realtek                                            
     8.1.1019.2011
     c:\windows\system32\drivers\rt630x86.sys
     10/19/2011 5:58 PM
   RTL8192su
     \SystemRoot\system32\DRIVERS\RTL8192su.sys
     Realtek RTL8192S USB NDIS Driver
     Realtek Semiconductor Corporation                           
     1086.49.522.2012
     c:\windows\system32\drivers\rtl8192su.sys
     5/22/2012 5:11 PM
   secdrv
     secdrv
     Macrovision SECURITY Driver
     Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
     4.3.86.0
     c:\windows\system32\drivers\secdrv.sys
     9/13/2006 7:03 PM
   SiSRaid2
     System32\drivers\SiSRaid2.sys
     SiS RAID Stor Miniport Driver
     Silicon Integrated Systems Corp.
     5.1.1039.2600
     c:\windows\system32\drivers\sisraid2.sys
     9/25/2008 12:04 AM
   SiSRaid4
     System32\drivers\sisraid4.sys
     SiS AHCI Stor-Miniport Driver
     Silicon Integrated Systems
     5.1.1039.3600
     c:\windows\system32\drivers\sisraid4.sys
     10/2/2008 3:37 AM
   ssadbus
     \SystemRoot\System32\drivers\ssadbus.sys
     SAMSUNG Android USB Composite Device Driver
     MCCI Corporation
     5.30.14.0
     c:\windows\system32\drivers\ssadbus.sys
     11/30/2012 6:39 PM
   ssadmdfl
     \SystemRoot\system32\DRIVERS\ssadmdfl.sys
     @oem41.inf,%Samsung.Filter.Desc%;SAMSUNG Android USB Modem (Filter)
     MCCI Corporation
     5.30.14.0
     c:\windows\system32\drivers\ssadmdfl.sys
     11/30/2012 6:41 PM
   ssadmdm
     \SystemRoot\system32\DRIVERS\ssadmdm.sys
     @oem41.inf,%Samsung.Service.Desc%;SAMSUNG Android USB Modem Drivers
     MCCI Corporation
     5.30.14.0
     c:\windows\system32\drivers\ssadmdm.sys
     11/30/2012 6:42 PM
   ssadserd
     \SystemRoot\system32\DRIVERS\ssadserd.sys
     @oem43.inf,%Samsung.Service.Desc%;SAMSUNG Android USB Diagnostic Serial Port (WDM)
     MCCI Corporation
     5.30.14.0
     c:\windows\system32\drivers\ssadserd.sys
     11/30/2012 6:44 PM
   sscdbus
     \SystemRoot\System32\drivers\sscdbus.sys
     SAMSUNG USB Composite Device Driver
     MCCI Corporation
     5.30.14.0
     c:\windows\system32\drivers\sscdbus.sys
     11/30/2012 6:36 PM
   sscdmdfl
     \SystemRoot\system32\DRIVERS\sscdmdfl.sys
     @oem30.inf,%Samsung.Filter.Desc%;SAMSUNG Mobile Modem Filter
     MCCI Corporation
     5.30.14.0
     c:\windows\system32\drivers\sscdmdfl.sys
     11/30/2012 6:38 PM
   sscdmdm
     \SystemRoot\system32\DRIVERS\sscdmdm.sys
     @oem30.inf,%Samsung.Service.Desc%;SAMSUNG Mobile Modem Drivers
     MCCI Corporation
     5.30.14.0
     c:\windows\system32\drivers\sscdmdm.sys
     11/30/2012 6:38 PM
   SSPORT
     \??\C:\Windows\system32\Drivers\SSPORT.sys
     32bit Port Contention Driver
     Samsung Electronics
     1.0.0.0
     c:\windows\system32\drivers\ssport.sys
     11/22/2006 10:26 AM
   stexstor
     System32\drivers\stexstor.sys
     Promise SuperTrak EX Series Driver for Windows x86
     Promise Technology, Inc.
     5.1.0.9
     c:\windows\system32\drivers\stexstor.sys
     11/19/2011 6:11 AM
   tapstrong
     \SystemRoot\system32\DRIVERS\tapstrong.sys
     TAP-Windows Virtual Network Driver
     The OpenVPN Project
     9.0.0.10
     c:\windows\system32\drivers\tapstrong.sys
     10/31/2013 9:28 AM
   TrueSight
     \??\C:\Windows\system32\TrueSight.sys
     c:\windows\system32\truesight.sys
     9/9/2013 1:34 PM
   viaide
     System32\drivers\viaide.sys
     VIA Generic PCI IDE Bus Driver
     VIA Technologies, Inc.
     6.0.6000.170
     c:\windows\system32\drivers\viaide.sys
     7/26/2012 8:23 AM
   vsmraid
     System32\drivers\vsmraid.sys
     VIA RAID DRIVER FOR AMD-X86-64
     VIA Technologies Inc.,Ltd
     7.0.8140.6290
     c:\windows\system32\drivers\vsmraid.sys
     2/1/2012 2:01 AM
   VSTXRAID
     System32\drivers\vstxraid.sys
     VIA StorX RAID Controller Driver
     VIA Corporation
     8.0.8220.8080
     c:\windows\system32\drivers\vstxraid.sys
     3/26/2012 11:28 PM

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
   igfxcui
     igfxdev.dll
     igfxdev Module
     Intel Corporation
     8.15.10.2932
     c:\windows\system32\igfxdev.dll
     12/13/2012 6:25 AM
   LBTWlgn
     c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
     Logitech Bluetooth Service
     Logitech, Inc.
     5.52.29.0
     c:\program files\common files\logishrd\bluetooth\lbtwlgn.dll
     2/9/2013 12:09 AM

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
   Adobe PDF Port Monitor
     AdobePDF.dll
     Adobe PDF Port  Monitor DLL
     Adobe Systems Inc
     9.0.0.0
     c:\windows\system32\adobepdf.dll
     4/7/2008 11:22 AM
   spe__ Langmon
     spe__l.dll
     Language Monitor for Status Monitor
     1.4.7.0
     c:\windows\system32\spe__l.dll
     3/3/2011 8:42 AM
   SSE1M Langmon
     sse1ml3.dll
     Language Monitor for Status Monitor
     1.4.6.7
     c:\windows\system32\sse1ml3.dll
     12/4/2006 7:05 AM


And the second half...

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   Adobe Acrobat Speed Launcher
     "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
     Adobe Acrobat SpeedLauncher
     Adobe Systems Incorporated
     9.0.0.332
     c:\program files\adobe\acrobat 9.0\acrobat\acrobat_sl.exe
     6/12/2008 3:10 PM
   Acrobat Assistant 8.0
     "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
     AcroTray
     Adobe Systems Inc.
     9.0.0.332
     c:\program files\adobe\acrobat 9.0\acrobat\acrotray.exe
     6/12/2008 11:26 AM
   IgfxTray
     C:\Windows\system32\igfxtray.exe
     igfxTray Module
     Intel Corporation
     8.15.10.2932
     c:\windows\system32\igfxtray.exe
     12/13/2012 6:26 AM
   HotKeysCmds
     C:\Windows\system32\hkcmd.exe
     hkcmd Module
     Intel Corporation
     8.15.10.2932
     c:\windows\system32\hkcmd.exe
     12/13/2012 6:25 AM
   Persistence
     C:\Windows\system32\igfxpers.exe
     persistence Module
     Intel Corporation
     8.15.10.2932
     c:\windows\system32\igfxpers.exe
     12/13/2012 6:25 AM
   Logitech Download Assistant
     C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
     Logitech Download Assistant
     Logitech, Inc.
     1.10.77.0
     c:\windows\system32\logilda.dll
     9/14/2012 4:35 AM
   Intuit SyncManager
     C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
     IntuitSyncManager
     Intuit Inc. All rights reserved.
     6.3.24.4018
     c:\program files\common files\intuit\sync\intuitsyncmanager.exe
     12/10/2013 10:32 PM
   EvtMgr6
     C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
     Logitech SetPoint Event Manager (UNICODE)
     Logitech, Inc.
     6.52.74.0
     c:\program files\logitech\setpointp\setpoint.exe
     2/21/2013 7:53 AM
   Samsung PanelMgr
     C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
     3.2.2.5
     c:\windows\samsung\panelmgr\ssmmgr.exe
     8/27/2009 4:41 PM
   AdobeAAMUpdater-1.0
     "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
     Adobe Updater Startup Utility
     Adobe Systems Incorporated
     2.2.0.2
     c:\program files\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe
     5/6/2011 4:33 PM
   Adobe ARM
     "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     Adobe Reader and Acrobat Manager
     Adobe Systems Incorporated
     1.7.4.0
     c:\program files\common files\adobe\arm\1.0\adobearm.exe
     4/5/2013 2:50 AM
   STO Backup Service
     C:\Program Files\SmarThru Office\BackUpSvr.exe
     SmarThru Office (BackUpSvr)
     Samsung Electronics Co., Ltd.
     2.7.10.0
     c:\program files\smarthru office\backupsvr.exe
     11/12/2010 8:56 PM
   STO Launcher Service
     C:\Program Files\SmarThru Office\LegacyLauncher.exe /autorun
     SmarThru Office (LegacyLauncher)
     Samsung Electronics Co., Ltd.
     2.7.10.0
     c:\program files\smarthru office\legacylauncher.exe
     11/12/2010 8:56 PM
   KiesTrayAgent
     C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
     Kies TrayAgent Application
     Samsung Electronics Co., Ltd.
     2.0.0.143
     c:\program files\samsung\kies\kiestrayagent.exe
     4/19/2013 10:44 AM
   AndroidSync
     C:\Program Files\Android-Sync\AndroidSync.exe -m
     http://www.android-sync.com
     1.1.1.1
     c:\program files\android-sync\androidsync.exe
     6/20/1992 4:07 AM

HKLM\SOFTWARE\Classes\Protocols\Handler
   intu-help-qb6
     HKCR\CLSID\{6898B29B-BF49-43cb-A0B1-D0B9496AF491}
     QuickBooks Assistance Library
     Intuit, Inc.
     23.0.12.0
     c:\program files\intuit\quickbooks 2013\helpasyncpluggableprotocol.dll
     1/16/2014 11:14 PM
   skype4com
     HKCR\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}
     Skype for COM API
     Skype Technologies
     1.0.39.0
     c:\program files\common files\skype\skype4com.dll
     2/26/2013 4:10 PM

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
   Adobe Gamma Loader.lnk
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
     Adobe Gamma Loader
     Adobe Systems, Inc.
     1.0.0.1
     c:\program files\common files\adobe\calibration\adobe gamma loader.exe
     11/5/1999 3:51 AM
   Intuit Data Protect.lnk
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
     Intuit Data Protect
     Intuit Inc.
     1.66.21.4004
     c:\program files\common files\intuit\dataprotect\intuitdataprotect.exe
     2/19/2014 3:36 AM
   QuickBooks Update Agent.lnk
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
     QuickBooks Automatic Update
     Intuit Inc.
     23.0.4012.0
     c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
     1/16/2014 9:22 PM
   QuickBooks_Standard_21.lnk
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
     QuickBooks
     Intuit Inc.
     23.0.4012.2305
     c:\program files\intuit\quickbooks 2013\qbw32.exe
     1/16/2014 9:53 PM

C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
   Dropbox.lnk
     C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
     Dropbox
     Dropbox, Inc.
     2.4.11.0
     c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
     11/9/2013 7:22 AM
   EvernoteClipper.lnk
     C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
     Evernote Clipper
     Evernote Corp., 305 Walnut Street, Redwood City, CA 94063
     5.0.3.1614
     c:\program files\evernote\evernote\evernoteclipper.exe
     10/23/2013 6:23 AM
   Logitech . Product Registration.lnk
     C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
     Product Registration
     Leader Technologies/Logitech
     1.38.0.0
     c:\program files\common files\logishrd\ereg\setpoint\ereg.exe
     11/4/2008 3:22 AM

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
   Adobe Reader User Settings
     "C:\Windows\system32\Rundll32.exe" "C:\Program Files\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
     Acrobat Install On Demand
     Adobe Systems, Inc.
     11.0.1.36
     c:\program files\adobe\reader 11.0\esl\aiodlite.dll
     12/18/2012 11:30 PM

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
   Google Update
     "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
     Google Installer
     Google Inc.
     1.3.21.103
     c:\users\user\appdata\local\google\update\googleupdate.exe
     2/16/2012 8:28 AM
   Akamai NetSession Interface
     "C:\Users\User\AppData\Local\Akamai\netsession_win.exe"
     Akamai NetSession Client
     Akamai Technologies, Inc.
     1.8.9.2
     c:\users\user\appdata\local\akamai\netsession_win.exe
     6/5/2013 6:32 AM
   Viber
     "C:\Users\User\AppData\Local\Viber\Viber.exe" StartMinimized
     Viber
     3.1.1.60
     c:\users\user\appdata\local\viber\viber.exe
     8/1/2013 12:52 AM
   KiesPreload
     C:\Program Files\Samsung\Kies\Kies.exe /preload
     Kies
     Samsung
     1.0.0.1521
     c:\program files\samsung\kies\kies.exe
     12/11/2013 3:35 PM
   KiesAirMessage
     C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
     File not found: C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
     
   (Default)
     C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
     KiesPDLR
     Samsung
     1.0.0.1
     c:\program files\samsung\kies\external\firmwareupdate\kiespdlr.exe
     12/10/2013 7:21 AM
   StrongVPN Client
     "C:\Program Files\StrongVPN\StrongDial.exe" --silent
     StrongDial
     Black Oak Computers, Inc.
     1.3.5.3
     c:\program files\strongvpn\strongdial.exe
     12/9/2013 2:50 AM
   Wunderlist
     "C:\Program Files\Wunderlist2\Wunderlist.exe" /silent
     File not found: C:\Program Files\Wunderlist2\Wunderlist.exe
     
   GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE
     "C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
     Google Chrome
     Google Inc.
     33.0.1750.146
     c:\users\user\appdata\local\google\chrome\application\chrome.exe
     3/2/2014 7:07 AM
   SmileboxTray
     "C:\Users\User\AppData\Roaming\Smilebox\SmileboxTray.exe"
     File not found: C:\Users\User\AppData\Roaming\Smilebox\SmileboxTray.exe
     
   Skype
     "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
     Skype
     Skype Technologies S.A.
     6.14.59.104
     c:\program files\skype\phone\skype.exe
     2/11/2014 12:40 AM

Task Scheduler
   \AdobeAAMUpdater-1.0-EESDELLDESKTOP-User
     "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" -mode=scheduled
     Adobe Updater Startup Utility
     Adobe Systems Incorporated
     2.2.0.2
     c:\program files\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe
     5/6/2011 4:33 PM
   \GoogleUpdateTaskUserS-1-5-21-1266843641-3415387651-3088813132-1001Core
     "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
     Google Installer
     Google Inc.
     1.3.21.103
     c:\users\user\appdata\local\google\update\googleupdate.exe
     2/16/2012 8:28 AM
   \GoogleUpdateTaskUserS-1-5-21-1266843641-3415387651-3088813132-1001UA
     "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler
     Google Installer
     Google Inc.
     1.3.21.103
     c:\users\user\appdata\local\google\update\googleupdate.exe
     2/16/2012 8:28 AM
   \{6255DA71-7C98-48E9-8FEA-427B61E2A3B2}
     "C:\Program Files\Skype\\Phone\Skype.exe"
     Skype
     Skype Technologies S.A.
     6.14.59.104
     c:\program files\skype\phone\skype.exe
     2/11/2014 12:40 AM
   \Microsoft\Windows\NetTrace\GatherNetworkInfo
     "%windir%\system32\gatherNetworkInfo.vbs"
     c:\windows\system32\gathernetworkinfo.vbs
     6/2/2012 8:16 PM

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
   Evernote extension
     HKCR\CLSID\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}
     Evernote Clipper for Microsoft Internet Explorer
     Evernote Corp., 305 Walnut Street, Redwood City, CA 94063
     5.0.3.1614
     c:\program files\evernote\evernote\evernoteie.dll
     10/23/2013 6:24 AM
   Adobe PDF Conversion Toolbar Helper
     HKCR\CLSID\{AE7CD045-E861-484f-8273-0445EE161910}
     Adobe PDF Toolbar for Internet Explorer
     Adobe Systems Incorporated
     9.0.0.332
     c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll
     6/12/2008 11:27 AM
   Logitech SetPoint
     HKCR\CLSID\{AF949550-9094-4807-95EC-D1C317803333}
     Logitech SetPoint
     Logitech, Inc.
     6.52.74.0
     c:\program files\logitech\setpointp\setpointsmooth.dll
     2/21/2013 7:42 AM
   SmartSelect Class
     HKCR\CLSID\{F4971EE7-DAA0-4053-9964-665D8EE6A077}
     Adobe PDF Toolbar for Internet Explorer
     Adobe Systems Incorporated
     9.0.0.332
     c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll
     6/12/2008 11:27 AM

HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers
   DropboxExt
     HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
     Dropbox Shell Extension
     Dropbox, Inc.
     1.0.0.22
     c:\users\user\appdata\roaming\dropbox\bin\dropboxext.22.dll
     9/11/2013 5:39 AM

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
   Adobe.Acrobat.ContextMenu
     HKCR\CLSID\{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
     Adobe Acrobat Context Menu
     Adobe Systems Inc.
     9.0.5.332
     c:\program files\adobe\acrobat 9.0\acrobat elements\contextmenu.dll
     6/12/2008 12:18 PM
   WinRAR
     HKCR\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
     3.91.0.0
     c:\program files\winrar\rarext.dll
     12/12/2009 3:56 PM

HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers
   DropboxExt
     HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
     Dropbox Shell Extension
     Dropbox, Inc.
     1.0.0.22
     c:\users\user\appdata\roaming\dropbox\bin\dropboxext.22.dll
     9/11/2013 5:39 AM

HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
   WinRAR
     HKCR\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
     3.91.0.0
     c:\program files\winrar\rarext.dll
     12/12/2009 3:56 PM

HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
   WinRAR
     HKCR\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
     3.91.0.0
     c:\program files\winrar\rarext.dll
     12/12/2009 3:56 PM

HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
   DropboxExt
     HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
     Dropbox Shell Extension
     Dropbox, Inc.
     1.0.0.22
     c:\users\user\appdata\roaming\dropbox\bin\dropboxext.22.dll
     9/11/2013 5:39 AM

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
   igfxcui
     HKCR\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
     igfxpph Module
     Intel Corporation
     8.15.10.2932
     c:\windows\system32\igfxpph.dll
     12/13/2012 6:25 AM

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
   AudibleShlExt Class
     HKCR\CLSID\{16148659-720A-457d-850B-2DBD87BB129D}
     AudibleExt Module
     Audible, Inc.
     1.0.0.12
     c:\program files\audible\bin\audibleext.dll
     3/23/2009 9:15 PM
   PDF Shell Extension
     HKCR\CLSID\{F9DB5320-233E-11D1-9F84-707F02C10627}
     PDF Shell Extension
     Adobe Systems, Inc.
     11.0.3.37
     c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
     5/11/2013 3:19 PM

HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
   Adobe.Acrobat.ContextMenu
     HKCR\CLSID\{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
     Adobe Acrobat Context Menu
     Adobe Systems Inc.
     9.0.5.332
     c:\program files\adobe\acrobat 9.0\acrobat elements\contextmenu.dll
     6/12/2008 12:18 PM
   WinRAR
     HKCR\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
     3.91.0.0
     c:\program files\winrar\rarext.dll
     12/12/2009 3:56 PM

HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers
   WinRAR
     HKCR\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
     3.91.0.0
     c:\program files\winrar\rarext.dll
     12/12/2009 3:56 PM

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
   DropboxExt1
     HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
     Dropbox Shell Extension
     Dropbox, Inc.
     1.0.0.22
     c:\users\user\appdata\roaming\dropbox\bin\dropboxext.22.dll
     9/11/2013 5:39 AM
   DropboxExt2
     HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
     Dropbox Shell Extension
     Dropbox, Inc.
     1.0.0.22
     c:\users\user\appdata\roaming\dropbox\bin\dropboxext.22.dll
     9/11/2013 5:39 AM
   DropboxExt3
     HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
     Dropbox Shell Extension
     Dropbox, Inc.
     1.0.0.22
     c:\users\user\appdata\roaming\dropbox\bin\dropboxext.22.dll
     9/11/2013 5:39 AM

HKLM\Software\Microsoft\Internet Explorer\Toolbar
   Adobe PDF
     HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}
     Adobe PDF Toolbar for Internet Explorer
     Adobe Systems Incorporated
     9.0.0.332
     c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll
     6/12/2008 11:27 AM

HKLM\Software\Microsoft\Internet Explorer\Extensions
   Add to Evernote 5
     C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html
     c:\program files\evernote\evernote\evernoteieres\addnote.html
     10/1/2013 10:48 AM

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
   msacm.l3acm
     C:\Windows\System32\l3codeca.acm
     MPEG Layer-3 Audio Codec for MSACM
     Fraunhofer Institut Integrierte Schaltungen IIS
     1.9.0.401
     c:\windows\system32\l3codeca.acm
     7/26/2012 8:04 AM
   vidc.cvid
     iccvid.dll
     Cinepakr Codec
     Radius Inc.
     1.10.0.12
     c:\windows\system32\iccvid.dll
     7/26/2012 8:04 AM

HKLM\Software\Classes\Filter
   MainConcept MPEG Demultiplexer
     HKCR\CLSID\{136DCBF5-3874-4B70-AE3E-15997D6334F7}
     MPEG-1/2 Demultiplexer
     MainConcept GmbH
     8.5.0.5184
     c:\program files\adobe\elements 11 organizer\mc_codecs\mc_demux_mp2_ds.ax
     7/3/2012 9:02 AM
   MainConcept MPEG Push Demultiplexer
     HKCR\CLSID\{668EE184-FD2D-4C72-8E79-439A35B438DE}
     MPEG Push Demultiplexer
     MainConcept GmbH
     8.5.0.5184
     c:\program files\adobe\elements 11 organizer\mc_codecs\mc_demuxpush_mp2_ds.ax
     7/3/2012 9:03 AM

HKLM\Software\Classes\Filter
   MainConcept MPEG Demultiplexer
     HKCR\CLSID\{136DCBF5-3874-4B70-AE3E-15997D6334F7}
     MPEG-1/2 Demultiplexer
     MainConcept GmbH
     8.5.0.5184
     c:\program files\adobe\elements 11 organizer\mc_codecs\mc_demux_mp2_ds.ax
     7/3/2012 9:02 AM
   MainConcept MPEG Push Demultiplexer
     HKCR\CLSID\{668EE184-FD2D-4C72-8E79-439A35B438DE}
     MPEG Push Demultiplexer
     MainConcept GmbH
     8.5.0.5184
     c:\program files\adobe\elements 11 organizer\mc_codecs\mc_demuxpush_mp2_ds.ax
     7/3/2012 9:03 AM

HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
   MPC - Video decoder
     HKCR\CLSID\{008BAC12-FBAF-497B-9670-BC6F6FBAE2C4}
     H.264/VC-1 DXVA video decoder
     MPC HomeCinema
     1.3.1249.0
     c:\program files\freetime\formatfactory\ffmodules\filters\mpcvideodec.ax
     8/27/2009 2:08 AM
   ffdshow Video Decoder
     HKCR\CLSID\{04FE9017-F873-410E-871E-AB91661A4EF7}
     DirectShow and VFW video and audio decoding/encoding/processing filter
     1.2.4447.0
     c:\program files\freetime\formatfactory\ffmodules\filters\ffdshow\ffdshow.ax
     5/6/2012 10:05 PM
   MPC - Matroska Source
     HKCR\CLSID\{0A68C3B5-9164-4A54-AFAF-995B2FF0E0D4}
     Matroska Splitter
     MPC-HC Team
     1.5.2.3236
     c:\program files\freetime\formatfactory\ffmodules\filters\matroskasplitter.ax
     6/16/2011 12:06 AM
   ffdshow DXVA Video Decoder
     HKCR\CLSID\{0B0EFF97-C750-462C-9488-B10E7D87F1A6}
     DirectShow and VFW video and audio decoding/encoding/processing filter
     1.2.4447.0
     c:\program files\freetime\formatfactory\ffmodules\filters\ffdshow\ffdshow.ax
     5/6/2012 10:05 PM
   ffdshow raw video filter
     HKCR\CLSID\{0B390488-D80F-4A68-8408-48DC199F0E97}
     DirectShow and VFW video and audio decoding/encoding/processing filter
     1.2.4447.0
     c:\program files\freetime\formatfactory\ffmodules\filters\ffdshow\ffdshow.ax
     5/6/2012 10:05 PM
   ffdshow Audio Decoder
     HKCR\CLSID\{0F40E1E5-4F79-4988-B1A9-CC98794E6B55}
     DirectShow and VFW video and audio decoding/encoding/processing filter
     1.2.4447.0
     c:\program files\freetime\formatfactory\ffmodules\filters\ffdshow\ffdshow.ax
     5/6/2012 10:05 PM
   MPC - Mpeg Source (Gabest)
     HKCR\CLSID\{1365BE7A-C86A-473C-9A41-C0A6E82C9FA3}
     Mpeg Splitter
     MPC-HC Team
     1.5.2.3236
     c:\program files\freetime\formatfactory\ffmodules\filters\mpegsplitter.ax
     6/16/2011 12:06 AM
   MainConcept MPEG Demultiplexer
     HKCR\CLSID\{136DCBF5-3874-4B70-AE3E-15997D6334F7}
     MPEG-1/2 Demultiplexer
     MainConcept GmbH
     8.5.0.5184
     c:\program files\adobe\elements 11 organizer\mc_codecs\mc_demux_mp2_ds.ax
     7/3/2012 9:02 AM
   MPC - Matroska Splitter
     HKCR\CLSID\{149D2E01-C32E-4939-80F6-C07B81015A7A}
     Matroska Splitter
     MPC-HC Team
     1.5.2.3236
     c:\program files\freetime\formatfactory\ffmodules\filters\matroskasplitter.ax
     6/16/2011 12:06 AM
   MainConcept AAC Decoder
     HKCR\CLSID\{19987CEE-DEE8-49DC-98EC-F21380AA9E68}
     AAC audio decoder filter
     MainConcept GmbH
     8.5.0.5184
     c:\program files\adobe\elements 11 organizer\mc_codecs\mc_dec_aac_ds.ax
     7/3/2012 9:27 AM
   RealVideo Decoder
     HKCR\CLSID\{238D0F23-5DC9-45A6-9BE2-666160C324DD}
     RealMedia Splitter
     Gabest
     1.0.1.2
     c:\program files\freetime\formatfactory\ffmodules\filters\realmediasplitter.ax
     1/20/2008 6:22 PM
   MACSReaderMP3 Filter
     HKCR\CLSID\{2B9B4D10-C5B2-48CB-B34E-4ACF65BAD21F}
     MACSReaderMP3 Filter
     1.0.2006.804
     c:\program files\samsung\kies\external\mediamodules\macsreaderavi.ax
     10/9/2007 11:27 AM
   MPC - MP4 Source
     HKCR\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
     MP4 Splitter
     MPC-HC Team
     1.5.2.3236
     c:\program files\freetime\formatfactory\ffmodules\filters\mp4splitter.ax
     6/16/2011 12:06 AM
   Canon MDP Motion-JPEG Decoder
     HKCR\CLSID\{442D8A41-3935-474F-B8ED-E5EE1EDB0D35}
     Canon MDP Motion-JPEG Decoder Filter
     Canon Inc.
     3.3.0.6
     c:\program files\canon\mdp\canonmdpmjpegdecoder.ax
     6/2/2009 10:26 AM
   Canon Motion-JPEG Encoder
     HKCR\CLSID\{46FBA106-9C1E-4798-B3DD-5A38DCDAD0DA}
     Motion-JPEG Encoder Filter
     Canon Inc.
     3.2.0.4
     c:\program files\canon\mdl30\canonmjpegencoder.ax
     9/4/2008 9:36 AM
   SelfMusicVideo Dump Filter
     HKCR\CLSID\{476BD53C-B716-40E4-A4AE-E4B90A176047}
     SelfMusicVideo Dump Filter (DShow)
     ENJsoft Corporation
     8.1.2008.5200
     c:\program files\samsung\kies\external\transmodules\tg_dump0708.dll
     7/24/2008 12:30 AM
   MPC - FLV Splitter (Gabest)
     HKCR\CLSID\{47E792CF-0BBE-4F7A-859C-194B0768650A}
     FLV Splitter
     MPC-HC Team
     1.5.2.3236
     c:\program files\freetime\formatfactory\ffmodules\filters\flvsplitter.ax
     6/16/2011 12:06 AM
   Canon Mov File Parser Filter
     HKCR\CLSID\{4D9F3406-535E-42B0-96B7-3FD914DC4D68}
     Canon H.264 Mov Filter
     Canon Inc.
     1.8.0.7
     c:\program files\canon\canon mov decoder\180\canonh264filter.ax
     10/18/2010 6:01 AM
   Haali Media Splitter
     HKCR\CLSID\{55DA30FC-F16B-49FC-BAA5-AE59FC65F82D}
     Haali Media Splitter
     1.11.288.0
     c:\program files\freetime\formatfactory\ffmodules\filters\haali\splitter.ax
     9/8/2011 7:46 PM
   Haali Media Splitter (AR)
     HKCR\CLSID\{564FD788-86C9-4444-971E-CC4A243DA150}
     Haali Media Splitter
     1.11.288.0
     c:\program files\freetime\formatfactory\ffmodules\filters\haali\splitter.ax
     9/8/2011 7:46 PM
   Track2Filter
     HKCR\CLSID\{5A735BC6-8319-4731-8560-F21E83B98F15}
     Adobe Photoshop Elements 11.0 (component)
     Adobe Systems Incorporated
     11.0.0.0
     c:\program files\adobe\elements 11 organizer\track2filter.dll
     9/23/2012 9:30 AM
   MPC - MP4 Splitter
     HKCR\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
     MP4 Splitter
     MPC-HC Team
     1.5.2.3236
     c:\program files\freetime\formatfactory\ffmodules\filters\mp4splitter.ax
     6/16/2011 12:06 AM
   MainConcept MPEG Push Demultiplexer
     HKCR\CLSID\{668EE184-FD2D-4C72-8E79-439A35B438DE}
     MPEG Push Demultiplexer
     MainConcept GmbH
     8.5.0.5184
     c:\program files\adobe\elements 11 organizer\mc_codecs\mc_demuxpush_mp2_ds.ax
     7/3/2012 9:03 AM
   Haali Video Renderer
     HKCR\CLSID\{760A8F35-97E7-479D-AAF5-DA9EFF95D751}
     c:\program files\freetime\formatfactory\ffmodules\filters\haali\dxr.dll
     9/8/2011 7:45 PM
   RealMedia Source
     HKCR\CLSID\{765035B3-5944-4A94-806B-20EE3415F26F}
     RealMedia Splitter
     Gabest
     1.0.1.2
     c:\program files\freetime\formatfactory\ffmodules\filters\realmediasplitter.ax
     1/20/2008 6:22 PM
   Canon DES Resizer SaveMode
     HKCR\CLSID\{809853B7-D72F-46B6-AC2B-723DDED8AC38}
     CanonDESResizer
     Canon Inc.
     3.2.0.9
     c:\program files\canon\mdl30\canondesresizer.ax
     10/16/2008 10:19 AM
   Canon Text Source Filter
     HKCR\CLSID\{8206D708-86A0-496C-BB25-30F50B711B89}
     Canon Text Source Filter
     Canon Inc.
     3.2.0.13
     c:\program files\canon\mdl30\canontextsourcefilter.ax
     9/8/2008 6:46 AM
   Canon Image Rotation Filter
     HKCR\CLSID\{88BF3C2B-D712-41C2-841D-3258B0591360}
     Canon Image Rotation Filter
     Canon Inc.
     1.7.1.27
     c:\program files\canon\mdp\canonrotatefilter.dll
     10/14/2010 10:17 AM
   Canon Motion-JPEG Decoder
     HKCR\CLSID\{8D2A4FD7-01D3-4D44-A1F4-A699DCA75A6A}
     Canon Motion-JPEG Decoder Filter
     Canon Inc.
     3.2.0.6
     c:\program files\canon\mdl30\canonmjpegdecoder.ax
     9/26/2008 6:38 AM
   Haali Simple Media Splitter
     HKCR\CLSID\{8F43B7D9-9D6B-4F48-BE18-4D787C795EEA}
     Haali Media Splitter
     1.11.288.0
     c:\program files\freetime\formatfactory\ffmodules\filters\haali\splitter.ax
     9/8/2011 7:46 PM
   DirectVobSub
     HKCR\CLSID\{93A22E7A-5091-45EF-BA61-6DA26156A5D0}
     VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth
     Gabest
     2.39.5.1
     c:\program files\freetime\formatfactory\ffmodules\avisynthplugins\vsfilter.dll
     2/16/2009 2:50 AM
   RealAudio Decoder
     HKCR\CLSID\{941A4793-A705-4312-8DFC-C11CA05F397E}
     RealMedia Splitter
     Gabest
     1.0.1.2
     c:\program files\freetime\formatfactory\ffmodules\filters\realmediasplitter.ax
     1/20/2008 6:22 PM
   MainConcept AVC/H.264 Video Decoder
     HKCR\CLSID\{96B9D0ED-8D13-4171-A983-B84D88D627BE}
     AVC/H.264 Decoder DirectShow Filter
     MainConcept GmbH
     8.5.0.5184
     c:\program files\adobe\elements 11 organizer\mc_codecs\mc_dec_avc_ds.ax
     7/3/2012 9:21 AM
   MPC - Avi Splitter
     HKCR\CLSID\{9736D831-9D6C-4E72-B6E7-560EF9181001}
     Avi Splitter
     Gabest
     1.3.1290.0
     c:\program files\freetime\formatfactory\ffmodules\filters\avisplitter.ax
     9/28/2009 10:42 PM
   DirectVobSub (auto-loading version)
     HKCR\CLSID\{9852A670-F845-491B-9BE6-EBD841B8A613}
     VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth
     Gabest
     2.39.5.1
     c:\program files\freetime\formatfactory\ffmodules\avisynthplugins\vsfilter.dll
     2/16/2009 2:50 AM
   Canon Mov File Parser Filter2
     HKCR\CLSID\{9ECD9CD7-84B1-44AE-BCFE-C7FD93228F7F}
     Canon H.264 Mov Filter
     Canon Inc.
     1.8.0.7
     c:\program files\canon\canon mov decoder\180\canonh264filter.ax
     10/18/2010 6:01 AM
   Haali Matroska Muxer
     HKCR\CLSID\{A28F324B-DDC5-4999-AA25-D3A7E25EF7A8}
     Haali Media Splitter
     1.11.288.0
     c:\program files\freetime\formatfactory\ffmodules\filters\haali\splitter.ax
     9/8/2011 7:46 PM
   NEDFilter4Samsung Filter
     HKCR\CLSID\{A4988A6F-EC43-452A-8839-80494FB2CBD2}
     MACSReaderMP3 Filter
     L544T Technology
     8.1.0.0
     c:\program files\samsung\kies\external\mediamodules\nedfilter4samsung.ax
     12/15/2009 12:10 PM
   Track1Filter
     HKCR\CLSID\{A4D19910-AF55-4F45-B0E8-5A6C93F51537}
     Adobe Photoshop Elements 11.0 (component)
     Adobe Systems Incorporated
     11.0.0.0
     c:\program files\adobe\elements 11 organizer\track1filter.dll
     9/23/2012 9:30 AM
   AC3Filter
     HKCR\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}
     ac3filter
     1.3.1.0
     c:\program files\freetime\formatfactory\ffmodules\filters\ac3filter.ax
     8/11/2009 11:04 PM
   MainConcept (Broadcast) AVC/H.264 Video Decoder
     HKCR\CLSID\{B0B7B094-4BD7-4F7B-B09E-90C471BFAB86}
     AVC/H.264 Decoder DirectShow Filter
     MainConcept GmbH
     8.5.0.5184
     c:\program files\adobe\elements 11 organizer\mc_codecs\mc_bc_dec_avc_ds.ax
     7/3/2012 9:22 AM
   Canon-Actual-Data-Length-Setter
     HKCR\CLSID\{B4124EAD-A7CE-46DC-AA43-A34C609AA003}
     CanonActualDataLengthSetter
     Canon Inc.
     3.2.0.5
     c:\program files\canon\mdl30\canonactualdatalengthsetter.ax
     9/4/2008 11:06 AM
   Canon H.264 Decode Filter
     HKCR\CLSID\{B7215EE3-AF54-433F-9D2F-2264916984F6}
     Canon H.264 Mov Filter
     Canon Inc.
     1.8.0.7
     c:\program files\canon\canon mov decoder\180\canonh264filter.ax
     10/18/2010 6:01 AM
   ffdshow Audio Processor
     HKCR\CLSID\{B86F6BEE-E7C0-4D03-8D52-5B4430CF6C88}
     DirectShow and VFW video and audio decoding/encoding/processing filter
     1.2.4447.0
     c:\program files\freetime\formatfactory\ffmodules\filters\ffdshow\ffdshow.ax
     5/6/2012 10:05 PM
   Canon H.264 Encoder 1.6.0
     HKCR\CLSID\{C894C63B-292B-4A2A-B5E1-75AC3D68FB03}
     Canon H264 Encoder Filter
     CANON INC.
     1.6.0.1
     c:\program files\canon\canon mov encoder\canonh264encoder.ax
     8/23/2010 7:06 AM
   MPC - FLV Source (Gabest)
     HKCR\CLSID\{C9ECE7B3-1D8E-41F5-9F24-B255DF16C087}
     FLV Splitter
     MPC-HC Team
     1.5.2.3236
     c:\program files\freetime\formatfactory\ffmodules\filters\flvsplitter.ax
     6/16/2011 12:06 AM
   MPC - Avi Source
     HKCR\CLSID\{CEA8DEFF-0AF7-4DB9-9A38-FB3C3AEFC0DE}
     Avi Splitter
     Gabest
     1.3.1290.0
     c:\program files\freetime\formatfactory\ffmodules\filters\avisplitter.ax
     9/28/2009 10:42 PM
   Canon Resizer
     HKCR\CLSID\{CF52F5EC-257B-4D0A-AB8D-34E79A821E0E}
     CanonResizer
     Canon Inc.
     3.2.0.6
     c:\program files\canon\mdl30\canonresizer.ax
     9/4/2008 10:14 AM
   Audible Words Codec
     HKCR\CLSID\{D05F33E0-3F75-11D3-A176-006008944486}
     Audible Audio Files DirectShow Source Filter
     Audible, Inc.
     5.1.0.12
     c:\windows\system32\awrdscdc.ax
     10/3/2009 4:28 AM
   MPC - MPEG4 Video Splitter
     HKCR\CLSID\{D3D9D58B-45B5-48AB-B199-B8C40560AEC7}
     MP4 Splitter
     MPC-HC Team
     1.5.2.3236
     c:\program files\freetime\formatfactory\ffmodules\filters\mp4splitter.ax
     6/16/2011 12:06 AM
   Canon WAV Dest
     HKCR\CLSID\{D6BB0302-F7ED-497C-B878-52FC6F863543}
     CanonWavDest
     Canon Inc.
     3.2.0.4
     c:\program files\canon\mdl30\canonwavdest.ax
     9/4/2008 10:33 AM
   ffdshow subtitles filter
     HKCR\CLSID\{DBF9000E-F08C-4858-B769-C914A0FBB1D7}
     DirectShow and VFW video and audio decoding/encoding/processing filter
     1.2.4447.0
     c:\program files\freetime\formatfactory\ffmodules\filters\ffdshow\ffdshow.ax
     5/6/2012 10:05 PM
   MPC - Mpeg Splitter (Gabest)
     HKCR\CLSID\{DC257063-045F-4BE2-BD5B-E12279C464F0}
     Mpeg Splitter
     MPC-HC Team
     1.5.2.3236
     c:\program files\freetime\formatfactory\ffmodules\filters\mpegsplitter.ax
     6/16/2011 12:06 AM
   MainConcept Stream Parser
     HKCR\CLSID\{DEE56715-7081-4D57-91A7-984AE2712268}
     MPEG-1/2 Demultiplexer
     MainConcept GmbH
     8.5.0.5184
     c:\program files\adobe\elements 11 organizer\mc_codecs\mc_demux_mp2_ds.ax
     7/3/2012 9:02 AM
   RealMedia Splitter
     HKCR\CLSID\{E21BE468-5C18-43EB-B0CC-DB93A847D769}
     RealMedia Splitter
     Gabest
     1.0.1.2
     c:\program files\freetime\formatfactory\ffmodules\filters\realmediasplitter.ax
     1/20/2008 6:22 PM
   MPC - MPEG4 Video Source
     HKCR\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
     MP4 Splitter
     MPC-HC Team
     1.5.2.3236
     c:\program files\freetime\formatfactory\ffmodules\filters\mp4splitter.ax
     6/16/2011 12:06 AM
   Haali Video Sink
     HKCR\CLSID\{F13D3732-96BD-4108-AFEB-E85F68FF64DC}
     Haali Media Splitter
     1.11.288.0
     c:\program files\freetime\formatfactory\ffmodules\filters\haali\splitter.ax
     9/8/2011 7:46 PM
   psWav Dest
     HKCR\CLSID\{FEFDE650-9F37-4D7A-86DC-88AF05E51B87}
     Canon Utilities Support Library
     Canon Inc.
     1.1.0.2
     c:\program files\canon\zoombrowser ex mcu\pswavdes.ax
     9/4/2006 4:24 PM

==== Empty IE Cache ======================

C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8MN3TXZ will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\vj87iu34.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=8 folders=8 22405 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8MN3TXZ" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on Sun 03/09/2014 at 12:40:41.64 ======================
 


We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the add-on to be installed
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 


If no threats were found

  • Put a checkmark in "Uninstall application on close"
  • Close program
  • Report to me that nothing was found

 

If threats were found

  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • Put a checkmark in "Uninstall application on close"
  • Click on finish

Close program

Copy and paste the report in next reply

 

Kevin


I decided not to wait for your confirmation re Win8, as I was going to be out and so had time to let it run. Here are the results.

 

C:\Program Files\FreeTime\FormatFactory\FFModules\Package\Ask\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Program Files\FreeTime\FormatFactory\FFModules\Package\Ask\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Program Files\FreeTime\FormatFactory\FFModules\Package\Ask\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Program Files\FreeTime\FormatFactory\FFModules\Package\Ask\AskPIP_FF_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Program Files\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-egypt.exe a variant of Win32/Hao123.A potentially unwanted application
C:\Program Files\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-japan.exe a variant of Win32/Hao123.A potentially unwanted application
C:\Program Files\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe a variant of Win32/Hao123.A potentially unwanted application
C:\Users\User\AppData\Local\UpdateChecker\UpdateCheckerApp.exe MSIL/Toolbar.SmileysLove.C potentially unwanted application
C:\Users\User\AppData\Local\Viber\Helper.dll a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
 


This is not needed on your system due to bundled unwanted extras C:\Program Files\FreeTime Uninstall the normal way, any problems with the uninstall use the following:

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

Extract Geek Uninstaller and save to your Desktop. There is no need to install; the executable is portable and can also be run from a USB if required.

Run the tool; the main GUI will populate with the installed programs list.

Left click on Program name to highlight that entry.

Select Action from the Menu bar, then Uninstall, and from there follow the prompts.

If Uninstall fails, open the "Action" menu one more time and use the "Force Removal" option

Next,

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run; the Desktop will also disappear, and this will be put back on completion. If your security alerts to OTM, either accept the alert or turn off security until OTM completes.

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure that you start with and include the colon before Files (:Files)

    :Files
    C:\Users\User\AppData\Local\UpdateChecker
    C:\Users\User\AppData\Local\Viber

    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.
 

Let me know if any remaining issues or concerns...

 

Thanks,

 

Kevin


Hi Kevin.

 

Your directions begin mid-thought:

"This is not needed on your system due to bundled unwanted extras C:\Program Files\FreeTime Uninstall the normal way, any problems with the uninstall use the following:"

 

Yes, I have bundled, unwanted extras, but they didn't show up using Geek Uninstaller. I stupidly, knowing better, tried to get a video to play and downloaded a codec (can't remember or find the name) that pulled in all kinds of extras. That's when Firefox started displaying certain pages incorrectly. Unfortunately, we've not solved that problem. I want to switch to Chrome, but it doesn't have the tree'd sidebar tab ability and I also want to solve this problem. Thoughts? Suggestions? When I look at all the logs, etc I don't see the culprit.

 

Thanks, Ellie

 

Here's log from OTM.

All processes killed
========== FILES ==========
C:\Users\User\AppData\Local\UpdateChecker folder moved successfully.
C:\Users\User\AppData\Local\Viber\3.1.1.60\sqldrivers folder moved successfully.
C:\Users\User\AppData\Local\Viber\3.1.1.60\Sound\Ringtone folder moved successfully.
C:\Users\User\AppData\Local\Viber\3.1.1.60\Sound\Messages folder moved successfully.
C:\Users\User\AppData\Local\Viber\3.1.1.60\Sound\DTMF folder moved successfully.
C:\Users\User\AppData\Local\Viber\3.1.1.60\Sound folder moved successfully.
C:\Users\User\AppData\Local\Viber\3.1.1.60\platforms folder moved successfully.
C:\Users\User\AppData\Local\Viber\3.1.1.60\imageformats folder moved successfully.
C:\Users\User\AppData\Local\Viber\3.1.1.60\iconengines folder moved successfully.
C:\Users\User\AppData\Local\Viber\3.1.1.60 folder moved successfully.
C:\Users\User\AppData\Local\Viber folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: User
->Temp folder emptied: 2960808 bytes
->Temporary Internet Files folder emptied: 146882018 bytes
->FireFox cache emptied: 26717087 bytes
->Google Chrome cache emptied: 188733982 bytes
->Flash cache emptied: 1013 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 438272 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 50684 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 13962815538 bytes
 
Total Files Cleaned = 13,665.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 03112014_101552

Files moved on Reboot...
File C:\Users\User\AppData\Local\Temp\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1101_1\dbdata11.dll not found!
C:\Windows\temp\FireFly(20140310132127734).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(20140310132127734).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(20140310132127734).log moved successfully.

Registry entries deleted on Reboot...
 


Done and no improvement with Firefox display. Attached a quick screenshot of a gmail screen to show the problem. 

 

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by User on Wed 03/12/2014 at 11:08:12.17.
Microsoft Windows 8 Pro 6.2.9200  x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Desktop\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-03-09-065541.log    86113 bytes

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== File Information Results ======================


==== Installed Programs ======================

01 Transaction Pro Importer 5.0  
Adobe Acrobat  9 Standard - English, Français, Deutsch  
Adobe Flash Player 12 Plugin  
Adobe Photoshop Elements 11  
Adobe Reader XI (11.0.03)  
Akamai NetSession Interface  
Amazon Kindle  
AudibleManager  
Caesium version 1.6.1  
CANON iMAGE GATEWAY MyCamera Download Plugin  
CANON iMAGE GATEWAY Task for ZoomBrowser EX  
Canon MOV Decoder  
Canon MOV Encoder  
Canon MovieEdit Task for ZoomBrowser EX  
Canon Utilities Digital Photo Professional 3.10  
Canon Utilities EOS Sample Music  
Canon Utilities EOS Utility  
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX  
Canon Utilities Movie Uploader for YouTube  
Canon Utilities PhotoStitch  
Canon Utilities Picture Style Editor  
Canon Utilities ZoomBrowser EX  
Canon ZoomBrowser EX Memory Card Utility  
Dropbox  
Elements 11 Organizer  
eReg  
Evernote v. 5.0.3  
FormatFactory 3.2.1.0  
Gone Home  
Google Chrome  
HandBrake 0.9.9.1  
Inkscape 0.48.4  
Intel® Processor Graphics  
Logitech SetPoint 6.52  
Microsoft Access database engine 2010 (English)  
Microsoft Office 365 Home Premium - en-us  
Microsoft OneDrive  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Visual Studio 2005 Tools for Office Runtime  
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)  
Mozilla Firefox 27.0.1 (x86 en-US)  
Mozilla Maintenance Service  
Office 15 Click-to-Run Extensibility Component  
Office 15 Click-to-Run Licensing Component  
Office 15 Click-to-Run Localization Component  
OutlookTodoistADX  
Paint.NET v3.5.11  
PhotoScape  
PROLiNK Wireless LAN Utility  
PSE11 STI Installer  
QuickBooks  
QuickBooks Pro 2013  
Readiris Pro 10  
Samsung Kies  
Samsung SCX-4300 Series  
Samsung Story Album Viewer  
Samsung Universal Scan Driver  
SAMSUNG USB Driver for Mobile Phones  
Skype™ 6.14  
SmarThru Office  
StrongVPN Client  
Todoist  
Viber  
Vuze  
Windows Driver Package - Android-Sync.com (WinUSB) AndroidUsbDeviceClass  (05/01/2013 13.0.0501.00000)  
Windows Driver Package - LG Electronics Inc (ANDModem) Modem  (11/30/2010 2.2.0.0)  
Windows Driver Package - LG Electronics Inc Modem  (11/30/2010 2.2.0.0)  
Windows Driver Package - LG Electronics Inc. (Andbus) USB  (11/30/2010 2.2.0.0)  
Windows Driver Package - LG Electronics Inc. (AndDiag) Ports  (11/30/2010 2.2.0.0)  
Windows Driver Package - LG Electronics Inc. (AndGps) Ports  (11/30/2010 2.2.0.0)  
Windows Driver Package - LG Electronics Inc. Ports  (11/30/2010 2.2.0.0)  
Windows Driver Package - LG Electronics Inc. USB  (11/30/2010 2.2.0.0)  
Windows Driver Package - LG Electronics, Inc. (andnetndis) Net  (03/07/2012 3.7.0.0)  
Windows Driver Package - LG Electronics, Inc. Net  (03/07/2012 3.7.0.0)  
Windows Driver Package - LG Electronics, Inc. WPD  (03/07/2012 3.7.0.0)  
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (dg_ssudbus) USB  (03/25/2013 2.9.508.0)  
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssaebus) USB  (02/05/2010 5.14.0.0)  
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssaemdm) Modem  (02/05/2010 5.14.0.0)  
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssaend5) Net  (02/05/2010 5.14.0.0)  
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssaeunic) USB  (02/05/2010 5.14.0.0)  
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssuddmgr) Ports  (03/25/2013 2.9.508.0)  
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssudmdm) Modem  (03/25/2013 2.9.508.0)  
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssudobex) Ports  (03/25/2013 2.9.508.0)  
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssudserd) Ports  (03/25/2013 2.9.508.0)  
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  Net  (03/25/2013 2.9.508.0)  
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  WPD  (03/25/2013 2.9.508.0)  
WinRAR archiver  

==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vj87iu34.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_20140312_1114_.backup

==== Deleting Files \ Folders ======================

C:\END deleted
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vj87iu34.default\jetpack deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{F003DA68-8256-4b37-A6C4-350FA04494DF}"="C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt" [08/03/2013 06:45 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vj87iu34.default
- Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
- Youtube MP3 Podcaster - %ProfilePath%\extensions\youtubemp3podcaster@jeremy.d.gregorio.com
- Evernote Web Clipper - %ProfilePath%\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
- Copy Urls Expert - %ProfilePath%\extensions\copy-urls-expert@kashiif-gmail.com.xpi
- Easy Screen Shot - %ProfilePath%\extensions\easyscreenshot@mozillaonline.com.xpi
- Android Desktop Notifications - %ProfilePath%\extensions\jid0-105eGBfutA8RahNXKJRXP7CPNs0@jetpack.xpi
- Awesome screenshot: Capture and Annotate - %ProfilePath%\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
- Clearly - %ProfilePath%\extensions\readable@evernote.com.xpi
- Todoist - %ProfilePath%\extensions\support@todoist.com.xpi
- Tree Style Tab - %ProfilePath%\extensions\treestyletab@piro.sakura.ne.jp.xpi
- Easy YouTube Video Downloader - %ProfilePath%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vj87iu34.default
A9C86900D2A61728C8326FE7147617C5    - C:\Users\User\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll -    Google Update
FD6ACD9D85177259D442A0C4AC15F7B8    - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll -    Shockwave Flash
18CF51689186AEB9D1D149AEB0E92D03    - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL -    Microsoft Office 2013
3A523765D795DB006C010B915C3A840A    - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll -    Adobe Acrobat
42A9B216A7A288512CE2F9A6BCCE96BC    - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll -    Adobe Acrobat
8BA469072B5A692B659F856C7E97A230    - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll -    NPCIG.dll


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
edaibbiobngpbmeonadpbfafbkimjbdd - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx[02/21/2013 07:44 AM]
fdjkhamgopgokjmllcmpkiijndjeidcl - C:\Users\User\AppData\Local\Temp\twsfiles\trustedshopper.crx[]

Facebook - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm
OneTab - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall
Tab Manager - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coonecdghnepgiblpccbbihiahajndda
Logitech SetPoint - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd
Tabs Outliner - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl
AdBlock - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Theme - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\imoaoigekmpoalkbfohhjgkcocjdapne
Veritabs - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehjgjnfanppoiaikadimdkobpdahnmg
TabsPlus - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikomkkhhpfoeamojhhgpfkpkdlfhfii
TabCloud - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\fdjkhamgopgokjmllcmpkiijndjeidcl deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9L79XRS9 will be deleted at reboot
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QTQ10ODR will be deleted at reboot
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RMU0LP54 will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\vj87iu34.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=11 folders=11 40848 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\wmpnsslog00.sqm" not found
"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9L79XRS9" not found
"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QTQ10ODR" not found
"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RMU0LP54" not found

==== EOF on Wed 03/12/2014 at 11:17:26.56 ======================
 



Go here: https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems Follow those instructions and reset Firefox to its default state.

Restart Firefox. When Firefox is open, press these keys together: Ctrl + Shift + A. That will open the Add-ons Manager; search for and install the following two add-ons:

Adblock Plus, Flash Block. You will have to restart FF when those are done.

Any improvement?


Well, I had hoped that a FF reset could be avoided. Should have done it long ago, before dragging you into this. All is now well, but it seems that everything done prior was a waste of time. Now I'm setting to the task of configuring FF the way I like it. Wish Chrome could be customized as FF is.

 

Any last thoughts?


Navigate to and delete the C:\zoek_backup folder.

Next,

Download "Delfix by Xplode" and save it to your desktop.

"Delfix link mirror"

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make sure the following items are checked:

    Remove disinfection tools

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed.

If there are no remaining issues or concerns, are we OK to close out?

Read the following link to fully understand PC security and best practices; you may find it useful:

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Kevin


This topic is now closed to further replies.