
'Continue Live Installation'


ypkx


Hello

I am in need of some help please!

Three programs were randomly installed onto my Windows 7 laptop.


Optimizer Pro

My Icon display (or something or another)
Optimizer 'something or another'


After a quick Google search, it seems these three programs were probably installed as part of another program.

But while I was removing these programs, a further program called Bubble Blow (I might have this wrong) was installed straight away.

I'm now receiving pop-ups every 5 minutes and have noticed a blank icon on the screen called "Continue Live Installation"; I'm not sure if this has anything to do with it. The file name is \ICReinstsall_nsa1E0C.tmp


I don't know where to start!

Thanks in advance for any help or advice given.


Jesse


OTL logfile created on: 01/11/2014 20:50:47 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = E:\virus stuff
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
5.86 Gb Total Physical Memory | 3.98 Gb Available Physical Memory | 67.96% Memory free
11.71 Gb Paging File | 9.49 Gb Available in Paging File | 81.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.31 Gb Total Space | 390.66 Gb Free Space | 86.37% Space Free | Partition Type: NTFS
Drive E: | 298.02 Gb Total Space | 207.52 Gb Free Space | 69.64% Space Free | Partition Type: FAT32
 
Computer Name: SIMART | User Name: Jesse | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/01 14:48:51 | 000,089,600 | ---- | M] () -- C:\Users\Jesse\AppData\Roaming\VOPackage\VOsrv.exe
PRC - [2014/10/30 13:03:06 | 003,981,256 | ---- | M] () -- C:\Program Files (x86)\mbot_gb_167\mbot_gb_167.exe
PRC - [2014/10/30 13:03:06 | 003,339,720 | ---- | M] () -- C:\Users\Jesse\AppData\Local\mbot_gb_167\upmbot_gb_167.exe
PRC - [2014/10/22 04:05:02 | 000,854,344 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/10/16 22:07:38 | 003,487,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
PRC - [2014/10/16 22:04:10 | 003,649,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe
PRC - [2014/10/16 21:50:58 | 000,298,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
PRC - [2014/09/29 14:38:24 | 001,147,416 | ---- | M] () -- C:\Users\Jesse\AppData\Local\StormWatch\StormWatchApp.exe
PRC - [2014/09/23 14:00:00 | 002,774,040 | ---- | M] () -- C:\Users\Jesse\AppData\Roaming\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe
PRC - [2014/09/23 14:00:00 | 002,774,040 | ---- | M] () -- C:\ProgramData\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe
PRC - [2012/06/25 13:38:24 | 000,596,992 | ---- | M] (OldTimer Tools) -- E:\virus stuff\OTL.exe
PRC - [2011/03/18 15:50:58 | 002,271,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/06/01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/06/01 03:01:54 | 000,600,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/05/31 19:18:32 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010/05/31 19:18:32 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2010/05/31 17:01:52 | 000,673,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2010/05/28 20:02:57 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/05/28 20:02:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/05/26 10:08:08 | 000,055,152 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCSpt.exe
PRC - [2010/05/18 13:38:46 | 000,075,776 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
PRC - [2010/03/04 03:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 03:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/12/16 20:09:34 | 000,049,152 | ---- | M] (Sage (UK) Limited) -- C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe
PRC - [2009/03/30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/30 13:03:06 | 003,981,256 | ---- | M] () -- C:\Program Files (x86)\mbot_gb_167\mbot_gb_167.exe
MOD - [2014/10/30 13:03:06 | 003,339,720 | ---- | M] () -- C:\Users\Jesse\AppData\Local\mbot_gb_167\upmbot_gb_167.exe
MOD - [2014/10/22 04:04:57 | 008,910,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
MOD - [2014/10/22 04:04:51 | 001,042,760 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
MOD - [2014/10/22 04:04:49 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
MOD - [2014/10/22 04:04:48 | 001,681,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
MOD - [2014/09/29 14:38:24 | 001,147,416 | ---- | M] () -- C:\Users\Jesse\AppData\Local\StormWatch\StormWatchApp.exe
MOD - [2014/09/23 14:00:00 | 002,774,040 | ---- | M] () -- C:\Users\Jesse\AppData\Roaming\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe
MOD - [2013/02/13 19:46:21 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a00aab40bdf5aed84b4d4294965cf20d\System.Web.ni.dll
MOD - [2013/02/13 19:46:07 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013/01/13 20:14:12 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\dd2d0cf72eac6e5b113a0059aeb3cab5\IAStorUtil.ni.dll
MOD - [2013/01/13 20:08:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
MOD - [2013/01/13 20:08:12 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013/01/13 20:08:00 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll
MOD - [2013/01/13 20:07:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013/01/13 20:07:52 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013/01/13 20:07:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2233b9b886d0247cf72ed5f1305ed4ec\System.Configuration.ni.dll
MOD - [2013/01/13 20:07:47 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/24 20:06:19 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/06/21 18:00:52 | 000,575,856 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2010/06/09 15:57:16 | 000,101,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2010/06/09 15:56:02 | 000,384,880 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2010/06/09 15:55:00 | 000,537,456 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2010/06/08 23:55:14 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/06/08 17:00:04 | 000,836,608 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2010/06/06 22:13:46 | 000,304,496 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010/05/31 18:25:48 | 001,250,160 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2010/05/25 05:23:52 | 000,252,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/11/01 14:50:52 | 000,068,608 | ---- | M] (globalUpdate) [On_Demand | Stopped] -- C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdatem) globalUpdate Update Service (globalUpdatem)
SRV - [2014/11/01 14:50:52 | 000,068,608 | ---- | M] (globalUpdate) [Auto | Stopped] -- C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdate) globalUpdate Update Service (globalUpdate)
SRV - [2014/11/01 14:48:51 | 000,089,600 | ---- | M] () [Auto | Running] -- C:\Users\Jesse\AppData\Roaming\VOPackage\VOsrv.exe -- (servervo)
SRV - [2014/10/16 22:07:38 | 003,487,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/10/16 21:50:58 | 000,298,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe -- (avgwd)
SRV - [2014/09/30 15:52:48 | 000,011,776 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\FastPlayer\FastPlayerUpdaterService.exe -- (FastPlayerUpdaterService)
SRV - [2014/09/26 19:39:10 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/03/18 15:50:58 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/11/10 14:16:32 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/20 21:47:18 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010/06/20 21:47:16 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010/06/18 07:07:12 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010/06/17 12:44:10 | 000,851,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/06/01 15:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/06/01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/05/31 19:18:32 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/05/28 20:02:57 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/05/28 20:02:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/04 03:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/12/16 20:09:34 | 000,049,152 | ---- | M] (Sage (UK) Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe -- (Sage SData Service)
SRV - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/11/01 14:49:31 | 000,058,040 | ---- | M] (Corsica) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\webinstrNew.sys -- (webinstrNew)
DRV:64bit: - [2014/10/10 15:14:32 | 000,274,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014/10/07 21:43:06 | 000,262,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/10/05 21:41:40 | 000,124,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/08/28 21:47:24 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/07/18 15:53:26 | 000,313,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/06/18 21:03:34 | 000,190,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/06/18 21:03:34 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/06/18 21:03:20 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/03/01 06:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 06:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/24 20:34:53 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/06/24 20:33:43 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/24 20:06:24 | 006,107,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/06/23 20:04:45 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/06/23 20:04:43 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/06/23 20:04:43 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/06/23 20:04:43 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/06/23 20:04:09 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/06/23 20:03:07 | 000,078,848 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2010/06/23 20:02:59 | 000,094,208 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2010/05/31 21:36:54 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/05/31 21:36:48 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/05/31 21:36:41 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/05/31 20:10:13 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010/05/28 20:03:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/05/28 20:02:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2010/04/26 20:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010/03/04 02:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/10 02:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV:64bit: - [2009/06/10 20:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?type=hp&ts=1414867501&from=nsbuk&uid=ST9500325AS_5VEDS921XXXX5VEDS921&i=psd&t=34b53a5c9
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com/web/?type=ds&ts=1414867501&from=nsbuk&uid=ST9500325AS_5VEDS921XXXX5VEDS921&i=psd&t=34b53a5c9&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com/web/?type=ds&ts=1414867501&from=nsbuk&uid=ST9500325AS_5VEDS921XXXX5VEDS921&i=psd&t=34b53a5c9&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?type=hp&ts=1414867501&from=nsbuk&uid=ST9500325AS_5VEDS921XXXX5VEDS921&i=psd&t=34b53a5c9
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com/web/?type=ds&ts=1414867501&from=nsbuk&uid=ST9500325AS_5VEDS921XXXX5VEDS921&i=psd&t=34b53a5c9&q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?type=hp&ts=1414867501&from=nsbuk&uid=ST9500325AS_5VEDS921XXXX5VEDS921&i=psd&t=34b53a5c9
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com/web/?type=ds&ts=1414867501&from=nsbuk&uid=ST9500325AS_5VEDS921XXXX5VEDS921&i=psd&t=34b53a5c9&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com/web/?type=ds&ts=1414867501&from=nsbuk&uid=ST9500325AS_5VEDS921XXXX5VEDS921&i=psd&t=34b53a5c9&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?type=hp&ts=1414867501&from=nsbuk&uid=ST9500325AS_5VEDS921XXXX5VEDS921&i=psd&t=34b53a5c9
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRceu5du6tuU80dr30bhC77cNpgL6mIuwJ4RpG-uha2K_qINQnWkB384JOJmUVLUEnBXT1UY_59Ci7xynM45fF2ojT2uByz0RWbDL-geDiJ9hKli6kwZxPyev3kEytiW2IfqKSACUVqxvJvBvXstxRlqdnRQsgA,&q={searchTerms}
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com/web/?type=ds&ts=1414867501&from=nsbuk&uid=ST9500325AS_5VEDS921XXXX5VEDS921&i=psd&t=34b53a5c9&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?type=hp&ts=1414867501&from=nsbuk&uid=ST9500325AS_5VEDS921XXXX5VEDS921&i=psd&t=34b53a5c9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRceu5du6tuU80dr30bhC77cNpgL6mIuwJ4RpG-uha2K_qINQnWkB384JOJmUVLUEnBXT1UY_59Ci7xynM45fF2ojT2uByz0RWbDL-geDiJ9hKli6kwZxPyev3kEytiW2IfqKSACUVqxvJvBvXstxRlqdnRQsgA,&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRceu5du6tuU80dr30bhC77cNpgL6mIuwJ4RpG-uha2K_qINQnWkB384JOJmUVLUEnBXT1UY_59Ci7xynM45fF2ojT2uByz0RWbDL-geDiJ9hKli6kwZxPyev3kEytiW2IfqKSACUVqxvJvBvXstxRlqdnRQsgA,&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?type=hp&ts=1414867501&from=nsbuk&uid=ST9500325AS_5VEDS921XXXX5VEDS921&i=psd&t=34b53a5c9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRceu5du6tuU80dr30bhC77cNpgL6mIuwJ4RpG-uha2K_qINQnWkB384JOJmUVLUEnBXT1UY_59Ci7xynM45fF2ojT2uByz0RWbDL-geDiJ9hKli6kwZxPyev3kEytiW2IfqKSACUVqxvJvBvXstxRlqdnRQsgA,&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRceu5du6tuU80dr30bhC77cNpgL6mIuwJ4RpG-uha2K_qINQnWkB384JOJmUVLUEnBXT1UY_59Ci7xynM45fF2ojT2uByz0RWbDL-geDiJ9hKli6kwZxPyev3kEytiW2IfqKSACUVqxvJvBvXstxRlqdnRQsgA,&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRceu5du6tuU80dr30bhC77cNpgL6mIuwJ4RpG-uha2K_qINQnWkB384JOJmUVLUEnBXT1UY_59Ci7xynM45fF2ojT2uByz0RWbDL-geDiJ9hKli6kwZxPyev3kEytiW2IfqKSACUVqxvJvBvXstxRlqdnRQsgA,&q={searchTerms}
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com/web/?type=ds&ts=1414867501&from=nsbuk&uid=ST9500325AS_5VEDS921XXXX5VEDS921&i=psd&t=34b53a5c9&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "v9"
FF - prefs.js..browser.search.selectedEngine: "v9"
FF - prefs.js..browser.startup.homepage: "http://www.v9.com/?type=hp&ts=1414867501&from=nsbuk&uid=ST9500325AS_5VEDS921XXXX5VEDS921&i=psd&t=34b53a5c9"
FF - prefs.js..keyword.URL: "http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRceu5du6tuU80dr30bhC77cNpgL6mIuwJ4RpG-uha2K_qINQnWkB384JOJmUVLUEnBXT1UY_59Ci7xynM45fF2ojT2uByz0RWbDL-geDiJ9hKli6kwZxPyev3kEytiW2IfqKSACUVqxvJvBvXstxRlqdnRQsgA,&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\faststartff@gmail.com: C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\0cmmu213.default\extensions\faststartff@gmail.com [2014/11/01 18:45:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/07/27 21:36:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jesse\AppData\Roaming\Mozilla\Extensions
[2014/11/01 18:45:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\0cmmu213.default\extensions
[2014/11/01 14:53:08 | 000,000,000 | ---D | M] ("Muvic") -- C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\0cmmu213.default\extensions\{75378f44-74b6-e5cc-a078-decb38777d03}
[2014/11/01 14:51:26 | 000,000,000 | ---D | M] ("HQ-Video-Pro-2.1cV01.11") -- C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\0cmmu213.default\extensions\EKJVVD29402736@EUOWKG84927606.com
[2014/11/01 18:45:01 | 000,000,000 | ---D | M] ("Fast Start") -- C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\0cmmu213.default\extensions\faststartff@gmail.com
[2014/11/01 14:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\0cmmu213.default\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData
[2014/11/01 14:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\0cmmu213.default\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\plugins
[2014/11/01 14:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\0cmmu213.default\extensions\EKJVVD29402736@EUOWKG84927606.com\extensionData\userCode
[2014/11/01 14:49:41 | 000,022,856 | ---- | M] () -- C:\Users\Jesse\AppData\Roaming\Mozilla\Firefox\Profiles\0cmmu213.default\searchplugins\Web Search.xml
[2014/09/26 19:39:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/26 19:39:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: No name found = C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\edjkooiccbgjhlpfhkknkjhfpmjkmelk\1.26.44_0\
CHR - Extension: No name found = C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.5.230_0\
CHR - Extension: No name found = C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Jesse\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Krab Web) - {feadf62f-aec2-46a1-a087-40149f311df9} - C:\Program Files (x86)\Krab Web\KrabWebbho.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [iSBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [mbot_gb_167] C:\Program Files (x86)\mbot_gb_167\mbot_gb_167.exe ()
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AVG-Secure-Search-Update_1014avt] C:\Users\Jesse\AppData\Roaming\Avg_Update_1014avt\AVG-Secure-Search-Update_1014avt.exe ()
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_D00CAFF0F2A117FBD45ECFDF63767572] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [WindApp] C:\Users\Jesse\AppData\Roaming\Store\WindApp\WindApp Update.exe (Nosibay)
O4 - HKLM..\RunOnce: [upmbot_gb_167.exe] C:\Users\Jesse\AppData\Local\mbot_gb_167\upmbot_gb_167.exe ()
O4 - Startup: C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk = C:\Users\Jesse\AppData\Local\StormWatch\StormWatch.exe (Weather Protector LLC)
O4 - Startup: C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk = C:\Users\Jesse\AppData\Local\StormWatch\StormWatchApp.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{423D4F55-13A2-4D2E-BBDA-A1774A136043}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3593B11-7940-4EF9-BF6F-C86A919D5698}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Users\Jesse\AppData\Local\Smartbar\Application\Resources\crdlil64.dll) - C:\Users\Jesse\AppData\Local\Smartbar\Application\Resources\crdlil64.dll ()
O20 - AppInit_DLLs: (c:\users\jesse\appdata\local\smartbar\application\resources\crdlil.dll) - c:\Users\Jesse\AppData\Local\Smartbar\Application\Resources\crdlil.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/01 20:49:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2014/11/01 20:49:46 | 000,000,000 | ---D | C] -- C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2014/11/01 19:04:07 | 000,000,000 | ---D | C] -- C:\Users\Jesse\AppData\Roaming\Avg_Update_1014avt
[2014/11/01 19:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg_Update_1014avt
[2014/11/01 18:52:05 | 000,000,000 | ---D | C] -- C:\Users\Jesse\AppData\Roaming\AVG2015
[2014/11/01 18:51:25 | 000,000,000 | ---D | C] -- C:\Users\Jesse\AppData\Roaming\TuneUp Software
[2014/11/01 18:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/11/01 18:50:25 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/11/01 18:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2015
[2014/11/01 18:49:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014/11/01 18:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginServices
[2014/11/01 18:48:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SupTab
[2014/11/01 18:43:18 | 000,000,000 | ---D | C] -- C:\Users\Jesse\AppData\Roaming\Store
[2014/11/01 18:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Krab Web
[2014/11/01 18:43:00 | 000,000,000 | ---D | C] -- C:\Users\Jesse\AppData\Roaming\Nosibay
[2014/11/01 18:40:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/11/01 18:40:30 | 000,000,000 | ---D | C] -- C:\Users\Jesse\AppData\Local\MFAData
[2014/11/01 18:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/11/01 18:40:30 | 000,000,000 | ---D | C] -- C:\Users\Jesse\AppData\Local\Avg2015
[2014/11/01 18:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\374311380
[2014/11/01 14:53:36 | 000,000,000 | ---D | C] -- C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
[2014/11/01 14:53:04 | 000,000,000 | ---D | C] -- C:\Users\Jesse\AppData\Local\com
[2014/11/01 14:52:22 | 000,000,000 | ---D | C] -- C:\Users\Jesse\AppData\Local\TVWizard
[2014/11/01 14:52:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Flash
[2014/11/01 14:51:35 | 000,000,000 | ---D | C] -- C:\Users\Jesse\Documents\Optimizer Pro
[2014/11/01 14:51:09 | 000,000,000 | -HSD | C] -- C:\Users\Jesse\AppData\Roaming\AnyProtectEx
[2014/11/01 14:51:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnyProtectEx
[2014/11/01 14:51:07 | 000,000,000 | ---D | C] -- C:\Users\Jesse\AppData\Local\fastplayer
[2014/11/01 14:50:52 | 000,000,000 | ---D | C] -- C:\Users\Jesse\AppData\Local\globalUpdate
[2014/11/01 14:50:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate
[2014/11/01 14:50:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HQ-Video-Pro-2.1cV01.11
[2014/11/01 14:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastPlayer
[2014/11/01 14:50:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LPT
[2014/11/01 14:50:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastPlayer
[2014/11/01 14:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PWxoqbbJSm
[2014/11/01 14:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TVWizard
[2014/11/01 14:49:31 | 000,058,040 | ---- | C] (Corsica) -- C:\Windows\SysNative\drivers\webinstrNew.sys
[2014/11/01 14:49:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ver3NewPlayer
[2014/11/01 14:49:22 | 000,000,000 | ---D | C] -- C:\Users\Jesse\AppData\Local\LPT
[2014/11/01 14:49:21 | 000,000,000 | ---D | C] -- C:\Users\Jesse\AppData\Local\Smartbar
[2014/11/01 14:49:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY
[2014/11/01 14:49:07 | 000,000,000 | ---D | C] -- C:\Users\Jesse\AppData\Local\mbot_gb_167
[2014/11/01 14:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mbot_gb_167
[2014/11/01 14:48:57 | 000,000,000 | ---D | C] -- C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip
[2014/11/01 14:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
[2014/11/01 14:48:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PepperZip
[2014/11/01 14:48:39 | 000,000,000 | ---D | C] -- C:\Users\Jesse\AppData\Roaming\VOPackage
[2014/11/01 14:48:39 | 000,000,000 | ---D | C] -- C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
[2014/11/01 14:48:36 | 000,000,000 | ---D | C] -- C:\Users\Jesse\AppData\Local\Weather_Protector_LLC
[2014/11/01 14:48:26 | 000,000,000 | ---D | C] -- C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
[2014/11/01 14:48:25 | 000,000,000 | ---D | C] -- C:\Users\Jesse\AppData\Local\StormWatch
[2014/10/15 21:52:28 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/10/15 21:52:28 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/10/15 21:52:28 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/10/10 15:14:32 | 000,274,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2014/10/07 21:43:06 | 000,262,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2014/10/05 21:41:40 | 000,124,184 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jesse\Documents\*.tmp files -> C:\Users\Jesse\Documents\*.tmp -> ]
[1 C:\Users\Jesse\AppData\Local\*.tmp files -> C:\Users\Jesse\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/01 20:55:05 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job
[2014/11/01 20:51:00 | 000,004,842 | ---- | M] () -- C:\Windows\tasks\3e00addb-f7b7-4963-8dcf-76173f44c9aa-4.job
[2014/11/01 20:51:00 | 000,003,818 | ---- | M] () -- C:\Windows\tasks\3e00addb-f7b7-4963-8dcf-76173f44c9aa-7.job
[2014/11/01 20:51:00 | 000,002,450 | ---- | M] () -- C:\Windows\tasks\3e00addb-f7b7-4963-8dcf-76173f44c9aa-5.job
[2014/11/01 20:51:00 | 000,002,114 | ---- | M] () -- C:\Windows\tasks\3e00addb-f7b7-4963-8dcf-76173f44c9aa-2.job
[2014/11/01 20:50:59 | 000,005,188 | ---- | M] () -- C:\Windows\tasks\3e00addb-f7b7-4963-8dcf-76173f44c9aa-11.job
[2014/11/01 20:50:59 | 000,004,162 | ---- | M] () -- C:\Windows\tasks\3e00addb-f7b7-4963-8dcf-76173f44c9aa-6.job
[2014/11/01 20:50:59 | 000,003,474 | ---- | M] () -- C:\Windows\tasks\3e00addb-f7b7-4963-8dcf-76173f44c9aa-1.job
[2014/11/01 20:50:59 | 000,002,450 | ---- | M] () -- C:\Windows\tasks\3e00addb-f7b7-4963-8dcf-76173f44c9aa-5_user.job
[2014/11/01 20:50:00 | 000,004,498 | ---- | M] () -- C:\Windows\tasks\3e00addb-f7b7-4963-8dcf-76173f44c9aa-3.job
[2014/11/01 20:50:00 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\3e00addb-f7b7-4963-8dcf-76173f44c9aa-10_user.job
[2014/11/01 20:49:46 | 000,002,975 | ---- | M] () -- C:\Users\Jesse\Desktop\HiJackThis.lnk
[2014/11/01 20:48:30 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/01 20:48:30 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/01 20:48:30 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/01 20:48:23 | 000,019,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/01 20:48:23 | 000,019,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/01 20:40:59 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\AVG_SYS_TASK_1014avt_DELETE.job
[2014/11/01 20:40:58 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/01 20:40:57 | 000,001,336 | ---- | M] () -- C:\Windows\tasks\KUUDE.job
[2014/11/01 20:40:57 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
[2014/11/01 20:40:56 | 000,001,332 | ---- | M] () -- C:\Windows\tasks\MKJ.job
[2014/11/01 20:40:56 | 000,000,526 | ---- | M] () -- C:\Windows\tasks\AVG_SYS_TASK_1014avt.job
[2014/11/01 20:40:56 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\NewPlayer Update.job
[2014/11/01 20:40:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/01 20:40:13 | 422,125,567 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/01 20:19:43 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/01 18:51:25 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2014/11/01 18:48:07 | 000,001,681 | ---- | M] () -- C:\Windows\SysWow64\${LOGFILE}
[2014/11/01 17:56:38 | 000,001,089 | ---- | M] () -- C:\Users\Jesse\Desktop\Continue Live Installation.lnk
[2014/11/01 17:55:11 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP1.job
[2014/11/01 17:55:11 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP3.job
[2014/11/01 17:55:11 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP2.job
[2014/11/01 14:49:32 | 000,001,936 | ---- | M] () -- C:\Windows\patsearch.bin
[2014/11/01 14:49:31 | 000,058,040 | ---- | M] (Corsica) -- C:\Windows\SysNative\drivers\webinstrNew.sys
[2014/11/01 14:49:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_webinstrNew_01009.Wdf
[2014/11/01 14:48:34 | 000,001,110 | ---- | M] () -- C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
[2014/11/01 14:48:26 | 000,001,107 | ---- | M] () -- C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk
[2014/10/23 10:11:16 | 000,734,121 | ---- | M] () -- C:\test.xml
[2014/10/16 09:57:22 | 000,444,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/10/10 15:14:32 | 000,274,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2014/10/10 01:53:36 | 000,276,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/10/10 01:53:22 | 000,504,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/10/10 01:47:41 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/10/07 21:43:06 | 000,262,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2014/10/05 21:41:40 | 000,124,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Jesse\Documents\*.tmp files -> C:\Users\Jesse\Documents\*.tmp -> ]
[1 C:\Users\Jesse\AppData\Local\*.tmp files -> C:\Users\Jesse\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/01 20:49:46 | 000,002,975 | ---- | C] () -- C:\Users\Jesse\Desktop\HiJackThis.lnk
[2014/11/01 19:04:06 | 000,000,526 | ---- | C] () -- C:\Windows\tasks\AVG_SYS_TASK_1014avt.job
[2014/11/01 19:04:06 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\AVG_SYS_TASK_1014avt_DELETE.job
[2014/11/01 18:51:25 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2014/11/01 18:44:29 | 000,001,681 | ---- | C] () -- C:\Windows\SysWow64\${LOGFILE}
[2014/11/01 17:56:38 | 000,001,089 | ---- | C] () -- C:\Users\Jesse\Desktop\Continue Live Installation.lnk
[2014/11/01 14:53:46 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP1.job
[2014/11/01 14:53:46 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP3.job
[2014/11/01 14:53:46 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP2.job
[2014/11/01 14:51:44 | 000,002,450 | ---- | C] () -- C:\Windows\tasks\3e00addb-f7b7-4963-8dcf-76173f44c9aa-5_user.job
[2014/11/01 14:51:43 | 000,002,450 | ---- | C] () -- C:\Windows\tasks\3e00addb-f7b7-4963-8dcf-76173f44c9aa-5.job
[2014/11/01 14:51:35 | 000,002,114 | ---- | C] () -- C:\Windows\tasks\3e00addb-f7b7-4963-8dcf-76173f44c9aa-2.job
[2014/11/01 14:51:31 | 000,003,474 | ---- | C] () -- C:\Windows\tasks\3e00addb-f7b7-4963-8dcf-76173f44c9aa-1.job
[2014/11/01 14:51:29 | 000,001,332 | ---- | C] () -- C:\Windows\tasks\MKJ.job
[2014/11/01 14:51:22 | 000,004,842 | ---- | C] () -- C:\Windows\tasks\3e00addb-f7b7-4963-8dcf-76173f44c9aa-4.job
[2014/11/01 14:51:10 | 000,004,162 | ---- | C] () -- C:\Windows\tasks\3e00addb-f7b7-4963-8dcf-76173f44c9aa-6.job
[2014/11/01 14:51:09 | 000,003,818 | ---- | C] () -- C:\Windows\tasks\3e00addb-f7b7-4963-8dcf-76173f44c9aa-7.job
[2014/11/01 14:51:05 | 000,005,188 | ---- | C] () -- C:\Windows\tasks\3e00addb-f7b7-4963-8dcf-76173f44c9aa-11.job
[2014/11/01 14:51:02 | 000,001,336 | ---- | C] () -- C:\Windows\tasks\KUUDE.job
[2014/11/01 14:50:56 | 000,000,956 | ---- | C] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job
[2014/11/01 14:50:53 | 000,004,498 | ---- | C] () -- C:\Windows\tasks\3e00addb-f7b7-4963-8dcf-76173f44c9aa-3.job
[2014/11/01 14:50:53 | 000,000,952 | ---- | C] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
[2014/11/01 14:50:48 | 000,001,138 | ---- | C] () -- C:\Windows\tasks\3e00addb-f7b7-4963-8dcf-76173f44c9aa-10_user.job
[2014/11/01 14:49:52 | 000,002,432 | ---- | C] () -- C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2014/11/01 14:49:32 | 000,001,936 | ---- | C] () -- C:\Windows\patsearch.bin
[2014/11/01 14:49:31 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\NewPlayer Update.job
[2014/11/01 14:49:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_webinstrNew_01009.Wdf
[2014/11/01 14:48:34 | 000,001,110 | ---- | C] () -- C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
[2014/11/01 14:48:26 | 000,001,107 | ---- | C] () -- C:\Users\Jesse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk
[2014/09/01 08:18:44 | 000,002,086 | ---- | C] () -- C:\Users\Jesse\AppData\Roaming\MKJ
[2014/09/01 08:18:44 | 000,001,248 | ---- | C] () -- C:\Users\Jesse\AppData\Roaming\KUUDE
 
========== Files - Unicode (All) ==========
[2013/10/13 22:14:18 | 000,015,326 | ---- | M] ()(C:\Users\Jesse\Documents\??? ? ????.docx) -- C:\Users\Jesse\Documents\聖誕節 與 新曆新年.docx
[2013/10/13 22:13:56 | 000,014,696 | ---- | M] ()(C:\Users\Jesse\Documents\?????.docx) -- C:\Users\Jesse\Documents\親愛的客戶.docx
[2013/10/13 22:13:55 | 000,014,696 | ---- | C] ()(C:\Users\Jesse\Documents\?????.docx) -- C:\Users\Jesse\Documents\親愛的客戶.docx
[2013/10/13 14:53:51 | 000,000,162 | -H-- | M] ()(C:\Users\Jesse\Documents\~$? ? ????.docx) -- C:\Users\Jesse\Documents\~$節 與 新曆新年.docx
[2013/10/13 14:53:51 | 000,000,162 | -H-- | C] ()(C:\Users\Jesse\Documents\~$? ? ????.docx) -- C:\Users\Jesse\Documents\~$節 與 新曆新年.docx
[2012/11/25 20:41:52 | 000,015,326 | ---- | C] ()(C:\Users\Jesse\Documents\??? ? ????.docx) -- C:\Users\Jesse\Documents\聖誕節 與 新曆新年.docx

< End of report >
 


Hello Jesse and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post your log files in a new reply in this thread:

https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/

3 months later...

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

